2/27/2015 1:50 PM. Chapter 4 - Configuring Controller Settings. Configuring Controller Settings. Table of Contents

Transcription

1 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 1 of 45 Cisco Wireless LAN Controller Configuration Guide, Release 7. Chapter 4 - Configuring Controller Settings Cisco Wireless LAN Controller Configuration Guide, Release 7. Preface Chapter 1 - Overview Chapter 2 - Using the Web-Browser and CLI Interfaces Chapter 3 - Configuring Ports and Interfaces Chapter 4 - Configuring Controller Settings Chapter 5 - Configuring Video Streams Chapter 6 - Configuring Security Solutions Chapter 7 - Configuring WLANs Chapter 8 - Controlling Lightweight Access Points Chapter 9 - Controlling Mesh Access Points Chapter 1 - Managing Controller Software and Configurations Chapter 11 - Managing User Accounts Chapter 12 - Configuring Radio Resource Management Chapter 13 - Configuring Cisco CleanAir Chapter 14 - Configuring Mobility Groups Chapter 15 - Configuring Hybrid REAP Appendix A - Safety Considerations and Translated Safety Warnings Appendix B - Declarations of Conformity and Regulatory Information Appendix C - End User License and Warranty Appendix D - Troubleshooting Appendix E - Logical Connectivity Diagrams Index Downloads: This chapter (PDF MB) The complete book (PDF MB) Feedback Table of Contents Configuring Controller Settings Installing and Configuring Licenses Obtaining an Upgrade or Capacity Adder License Installing a License Using the GUI to Install a License Using the CLI to Install a License Viewing Licenses Using the GUI to View Licenses Using the CLI to View Licenses Choosing the Licensed Feature Set Using the GUI to Choose the Licensed Feature Set Using the CLI to Choose the Licensed Feature Set Activating an AP-Count Evaluation License Using the GUI to Activate an AP-Count Evaluation License Using the CLI to Activate an AP-Count Evaluation License Rehosting a License Using the GUI to Rehost a License Using the CLI to Rehost a License Transferring Licenses to a Replacement Controller after an RMA Configuring the License Agent Using the GUI to Configure the License Agent Using the CLI to Configure the License Agent Configuring Bands Using the GUI to Configure Bands Using the CLI to Configure Bands Configuring 82.11n Parameters Using the GUI to Configure 82.11n Parameters Using the CLI to Configure 82.11n Parameters Configuring 82.11h Parameters Using the GUI to Configure 82.11h Parameters Using the CLI to Configure 82.11h Parameters Configuring DHCP Proxy Using the GUI to Configure DHCP Proxy Using the CLI to Configure DHCP Proxy Configuring Administrator Usernames and Passwords Configuring Usernames and Passwords Restoring Passwords Configuring SNMP Changing the Default Values of SNMP Community Strings Using the GUI to Change the SNMP Community String Default Values Using the CLI to Change the SNMP Community String Default Values Changing the Default Values for SNMP v3 Users Using the GUI to Change the SNMP v3 User Default Values Using the CLI to Change the SNMP v3 User Default Values Configuring Aggressive Load Balancing Client Association Limits Client Association Limits for Lightweight Access Points Client Association Limits for Autonomous IOS Access Points Using the GUI to Configure Aggressive Load Balancing Using the CLI to Configure Aggressive Load Balancing Configuring Band Selection Guidelines for Using the Band Selection Using the GUI to Configure Band Selection Using the CLI to Configure Band Selection Configuring Fast SSID Changing Using the GUI to Configure Fast SSID Changing Using the CLI to Configure Fast SSID Changing Enabling 82.3X Flow Control Configuring 82.3 Bridging Using the GUI to Configure 82.3 Bridging Using the CLI to Configure 82.3 Bridging Configuring Multicast Mode Understanding Multicast Mode Guidelines for Using Multicast Mode Using the GUI to Enable Multicast Mode Using the GUI to View Multicast Groups Using the CLI to Enable Multicast Mode Using the CLI to View Multicast Groups Using the CLI to View an Access Point s Multicast Client Table Configuring Client Roaming Intra-Controller Roaming Inter-Controller Roaming Inter-Subnet Roaming Voice-over-IP Telephone Roaming CCX Layer 2 Client Roaming Using the GUI to Configure CCX Client Roaming Parameters Using the CLI to Configure CCX Client Roaming Parameters Using the CLI to Obtain CCX Client Roaming Information Using the CLI to Debug CCX Client Roaming Issues Configuring IP-MAC Address Binding Configuring Quality of Service Configuring Quality of Service Profiles Using the GUI to Configure QoS Profiles Using the CLI to Configure QoS Profiles Configuring Quality of Service Roles Using the GUI to Configure QoS Roles Using the CLI to Configure QoS Roles Configuring Voice and Video Parameters Call Admission Control Bandwidth-Based CAC Load-Based CAC Expedited Bandwidth Requests U-APSD Traffic Stream Metrics Using the GUI to Configure Voice Parameters Using the GUI to Configure Video Parameters Using the GUI to View Voice and Video Settings Using the GUI to Configure Media Parameters Using the CLI to Configure SIP Based CAC Using the CLI to Configure Voice Parameters Using the CLI to Configure Video Parameters Using the CLI to View Voice and Video Settings Configuring EDCA Parameters Using the GUI to Configure EDCA Parameters Using the CLI to Configure EDCA Parameters Configuring Cisco Discovery Protocol Using the GUI to Configure Cisco Discovery Protocol Using the GUI to View Cisco Discovery Protocol Information Using the CLI to Configure the Cisco Discovery Protocol Using the CLI to View Cisco Discovery Protocol Information Configuring RFID Tag Tracking Using the CLI to Configure RFID Tag Tracking Using the CLI to View RFID Tag Tracking Information Using the CLI to Debug RFID Tag Tracking Issues Configuring and Viewing Location Settings Installing the Location Appliance Certificate Synchronizing the Controller and Location Appliance Configuring Location Settings Viewing Location Settings Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues Viewing NMSP Settings Debugging NMSP Issues Configuring the Supervisor 72 to Support the WiSM General WiSM Guidelines Configuring the Supervisor Using the Wireless LAN Controller Network Module Resetting the Controller to Default Settings Using the GUI to Reset the Controller to Default Settings Using the CLI to Reset the Controller to Default Settings Configuring Controller Settings This chapter describes how to configure settings on the controller. It contains these sections: Installing and Configuring Licenses Configuring Bands Configuring 82.11n Parameters Configuring 82.11h Parameters 2/27/215 1:5 PM

2 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 2 of 45 Configuring DHCP Proxy Configuring Administrator Usernames and Passwords Configuring SNMP Changing the Default Values of SNMP Community Strings Changing the Default Values for SNMP v3 Users Configuring Aggressive Load Balancing Configuring Band Selection Configuring Fast SSID Changing Enabling 82.3X Flow Control Configuring 82.3 Bridging Configuring Multicast Mode Configuring Client Roaming Configuring IP-MAC Address Binding Configuring Quality of Service Configuring Voice and Video Parameters Configuring EDCA Parameters Configuring Cisco Discovery Protocol Configuring RFID Tag Tracking Configuring and Viewing Location Settings Configuring the Supervisor 72 to Support the WiSM Using the Wireless LAN Controller Network Module Resetting the Controller to Default Settings Installing and Configuring Licenses You can order Cisco 55 Series Controllers with support for 12, 25, 5, 1, 25 or 5 access points as the controller s base capacity. You can add additional access point capacity through capacity adder licenses available at 25, 5, 1 and 25 access point capacities. You can add the capacity adder licenses to any base license in any combination to arrive at the maximum capacity of 5 access points. The base and adder licenses are supported through both rehosting and RMAs. These controller platforms do not require licenses: Cisco 21 and Cisco 44 Series Controllers, Cisco WiSMs, Controller Network Modules, and Catalyst 375G Integrated Wireless LAN Controller Switches. The base license supports the standard base software set and, for releases and later, the premium software set is included as part of the base feature set, which includes this functionality: Datagram Transport Layer Security (DTLS) data encryption for added security across remote WAN and LAN links See the Configuring Data Encryption section for more information on data encryption. Support for OfficeExtend access points, which are used for secure mobile teleworking See the OfficeExtend Access Points section for more information on OfficeExtend access points. Support for the 113AG and 124AG series indoor mesh access points, which dynamically establish wireless connections in locations where it might be difficult to connect to the wired network See Controlling Mesh Access Points, for more information on mesh access points. All features included in a Wireless LAN Controller WPLUS license are now included in the base license; this change is introduced in release These WPlus license features are included in the base license: OfficeExtend AP Enterprise Mesh CAPWAP Data Encryption The licensing change can affect features on your wireless LAN when you upgrade or downgrade software releases, so you should be aware of these guidelines: If you have a WPlus license and you upgrade from 6..x.x to , your license file contains both Basic and WPlus license features. You won t see any disruption in feature availability and operation. If you have a WPlus license and you downgrade from to or or , your license file contains only base license, and you will lose all WPLUS features. If you have a base license and you downgrade from to or , when you downgrade, you lose all WPlus features. To view the controller trap log, choose Monitor and click View All under Most Recent Traps on the controller GUI (see Figure 4-1). You can also view traps by using SNMP-based management tools. Figure 4-1 Trap Logs Page The ap-count licenses and their corresponding image-based licenses are installed together. The controller keeps track of the licensed access point count and does not allow more than the number of access points to associate to it. The Cisco 55 Series Controller is shipped with both permanent and evaluation base and base-ap-count licenses. If desired, you can activate the evaluation licenses, which are designed for temporary use and set to expire after 6 days. See the Choosing the Licensed Feature Set section for instructions on activating an image-based evaluation license and the Activating an AP-Count Evaluation License section for instructions on activating an ap-count evaluation license. No licensing steps are required after you receive your Cisco 55 Series Controller because the licenses you ordered are installed at the factory. In addition, licenses and product authorization keys (PAKs) are preregistered to serial numbers. However, as your wireless network evolves, you might want to add support for additional access points or upgrade from the standard software set to the base software set. To do so, you need to obtain and install an upgrade license. Obtaining an Upgrade or Capacity Adder License A certificate with a product authorization key (PAK) is required before you can obtain an upgrade license. You can use the capacity adder licenses to increase the number of access points supported by the controller up to a maximum of 5 access points. The capacity adder licenses are available in access point capacities of 1, 25, 5, 1 and 25 access points. You can add these licenses to any of the base capacity licenses of 12, 25, 5, 1 and 25 access points. For example, if your controller was initially ordered with support for 1 access points (base license AIR-CT558-1-K9), you could increase the capacity to 5 access points by purchasing a 25 access point, 1 access point, and a 5 access point additive capacity license (LIC-CT558-25A, LIC-CT558-1A, and LIC-CT558-5A). You can find more information on ordering capacity adder licenses at this URL: If you skip any tiers when upgrading (for example, if you do not install the -25U and -5U licenses along with the -1U), the license registration for the upgraded capacity fails. For a single controller, you can order different upgrade licenses in one transaction (for example, -25U, -5U, -1U, and -25U), for which you receive one PAK with one license. Then you have only one license (instead of four) to install on your controller. If you have multiple controllers and want to upgrade all of them, you can order multiple quantities of each upgrade license in one transaction (for example, you can order 1 each of the -25U, -5U, -1U, and -25 upgrade licenses), for which you receive one PAK with one license. You can continue to register the PAK for multiple controllers until it is exhausted. Base license SKUs for the Cisco 55 Series Controllers are as follows: AIR-CT K9 AIR-CT K9 AIR-CT558-5-K9 AIR-CT558-1-K9 AIR-CT K9 AIR-CT558-5-K9 The capacity adder SKUs are as follows: LIC-CT558-25A LIC-CT558-5A LIC-CT558-1A LIC-CT558-25A 2/27/215 1:5 PM

3 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 3 of 45 To obtain and register a PAK certificate, follow these steps: Step 1 Order the PAK certificate for an upgrade license through your Cisco channel partner or your Cisco sales representative, or order it online at this URL: Step 2 If you are ordering online, begin by choosing the primary upgrade SKU L-LIC-CT558-UPG or LIC CT558-UPG. Then, choose any number of the following options to upgrade one or more controllers under one PAK. Table 4-1 lists the capacity adder licenses available through or on paper: Table 4-1 Available Capacity Adder Licenses Type Part Number Description L-LIC-CT558-UPG Primary upgrade SKU: Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key L-LIC-CT558-25A 25 AP Adder License for the 558 Controller (edelivery) L-LIC-CT558-5A 5 AP Adder License for the 558 Controller (edelivery) L-LIC-CT558-1A 1 AP Adder License for the 558 Controller (edelivery) L-LIC-CT558-25A 25 AP Adder License for the 558 Controller (edelivery) LIC-CT558-UPG Primary upgrade SKU: Pick any number or combination of the following options under this SKU, to upgrade one or many controllers under one product authorization key LIC-CT558-25A 25 AP Adder License for the 558 Controller LIC-CT558-5A 5 AP Adder License for the 558 Controller LIC-CT558-1A 1 AP Adder License for the 558 Controller LIC-CT558-25A 25 AP Adder License for the 558 Controller paper If you require a paper certificate for Customs, order it without the L- in the SKU (for example, LIC-CT558-25A) and choose to ship it using U.S. mail. Step 3 After you receive the certificate, use one of two methods to register the PAK: Cisco License Manager (CLM) This method automates the process of obtaining licenses and deploying them on Cisco devices. For deployments with more than five controllers, we recommend using CLM to register PAKs and install licenses. You can also use CLM to rehost or RMA a license. You cannot use CLM to change the licensed feature set or activate an ap-count evaluation license. To perform these operations, you must follow the instructions in the Choosing the Licensed Feature Set section and the Activating an AP-Count Evaluation License section. Because you can use CLM to perform all other license operations, you can disregard the remaining licensing information in this chapter except these two sections and the Configuring the License Agent section if you want your controller to use HTTP to communicate with CLM. You can download the CLM software and access user documentation at this URL: Licensing portal This alternative method enables you to manually obtain and install licenses on your controller. If you want to use the licensing portal to register the PAK, follow the instructions in Use the licensing portal to register the PAK as follows:. Step 4 Use the licensing portal to register the PAK as follows: a. Go to b. On the main Product License Registration page, enter the PAK mailed with the certificate in the Product Authorization Key (PAK) text box and click Submit. c. On the Validate Features page, enter the number of licenses that you want to register in the Qty text box and click Update. d. To determine the controller s product ID and serial number, choose Controller > Inventory on the controller GUI or enter the show license udi command on the controller CLI. Information similar to the following appears on the controller CLI: Device# PID SN UDI * AIR-CT558-K9 FCW138L3 AIR-CT558-K9:FCW138L3 e. On the Designate Licensee page, enter the product ID and serial number of the controller on which you plan to install the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the text boxes on this page, and click Submit. f. On the Finish and Submit page, verify that all information is correct and click Submit. g. When a message appears indicating that the registration is complete, click Download License. The license is ed within 1 hour to the address that you specified. h. When the arrives, follow the instructions provided. i. Copy the license file to your TFTP server. j. Follow the instructions in the Installing a License section below to install the license on your controller. Installing a License You can use the controller GUI or CLI to install a license on a Cisco 55 Series Controller. Using the GUI to Install a License To install a license on the controller using the controller GUI, follow these steps: Step 1 Choose Management > Software Activation > Commands to open the License Commands page (see Figure 4-2). Figure 4-2 License Commands Page Step 2 From the Action drop-down list, choose Install License. The Install License from a File section appears (see Figure 4-3). Figure 4-3 License Commands (Install License) Page 2/27/215 1:5 PM

4 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 4 of 45 Step 3 In the File Name to Install text box, enter the path to the license (*.lic) on the TFTP server. Step 4 Click Install License. A message appears to show whether the license was installed successfully. If the installation fails, the message provides the reason for the failure, such as the license is an existing license, the path was not found, the license does not belong to this device, you do not have correct permissions for the license, and so on. Step 5 If the end-user license agreement (EULA) acceptance dialog box appears, read the agreement and click Accept to accept the terms of the agreement. Typically, you are prompted to accept the EULA for evaluation, extension, and rehost licenses. The EULA is also required for permanent licenses, but it is accepted during license generation. Step 6 Save a backup copy of all installed licenses as follows: a. From the Action drop-down list, choose Save License. b. In the File Name to Save text box, enter the path on the TFTP server where you want the licenses to be saved. You cannot save evaluation licenses. c. Click Save Licenses. Step 7 Reboot the controller. Step 8 Follow the instructions in the Viewing Licenses section to see the status of the license that you installed. Step 9 If the desired license is not being used by the controller, follow the instructions in the Choosing the Licensed Feature Set section or the Activating an AP-Count Evaluation License section to change the license that is used by the controller. Using the CLI to Install a License To install a license on the controller using the controller CLI, follow these steps: Step 1 Install a license on the controller by entering this command: license install url where url is tftp:// server_ip / path / filename. To remove a license from the controller, enter the license clear license_name command. For example, you might want to delete an expired evaluation license or any unused license. You cannot delete unexpired evaluation licenses, the permanent base image license, or licenses that are in use by the controller. Step 2 If you are prompted to accept the end-user license agreement (EULA), read and accept the terms of the agreement. Typically, you are prompted to accept the EULA for evaluation, extension, and rehost licenses. The EULA is also required for permanent licenses, but it is accepted during license generation. Step 3 Add comments to a license or delete comments from a license by entering this command: license comment { add delete } license_name comment_string Step 4 Save a backup copy of all installed licenses by entering this command: license save url where url is tftp:// server_ip / path / filename. Step 5 Reboot the controller by entering this command: reset system Step 6 Follow the instructions in the Viewing Licenses section to see the status of the license you installed. Step 7 If the desired license is not being used by the controller, follow the instructions in the Choosing the Licensed Feature Set section or the Activating an AP-Count Evaluation License section to change the license that is used by the controller. Viewing Licenses This section describes how to view the licenses on the controller. Using the GUI to View Licenses To view licenses on the controller using the controller GUI, follow these steps: Step 1 Choose Management > Software Activation > Licenses to open the Licenses page (see Figure 4-4). Figure 4-4 Licenses Page This page lists all of the licenses installed on the controller. For each license, it shows the license type, expiration, count (the maximum number of access points allowed for this license), priority (low, medium, or high), and status (in use, not in use, inactive, or EULA not accepted). Controller platforms do not support the status of 'grace period' or 'extension' as a license type. The license status will always show 'evaluation' even if a grace period or an extension evaluation license is installed. If you ever want to remove a license from the controller, hover your cursor over the blue drop-down arrow for the license and click Remove. For example, you might want to delete an expired evaluation license or any unused 2/27/215 1:5 PM

5 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 5 of 45 license. You cannot delete unexpired evaluation licenses, the permanent base image license, or licenses that are in use by the controller. Step 2 Click the link for the desired license to view more details for a particular license. The License Detail page appears (see Figure 4-5). Figure 4-5 License Detail Page This page shows the following additional information for the license: The license type (permanent, evaluation, or extension) The license version The status of the license (in use, not in use, inactive, or EULA not accepted) The length of time before the license expires Permanent licenses never expire. Whether the license is a built-in license The maximum number of access points allowed for this license The number of access points currently using this license Step 3 If you want to enter a comment for this license, type it in the Comment text box and click Apply. Step 4 Click Save Configuration to save your changes. Using the CLI to View Licenses To view licenses on the controller, use these commands: See the license level, license type, and number of access points licensed on the controller by entering this command: show sysinfo Manufacturer's Name... Cisco Systems Inc. Product Name... Cisco Controller Product Version RTOS Version Bootloader Version Emergency Image Version... N/A Build Type... DATA + WPS System Name... Cisco 69 System Location... na System Contact... abc@cisco.com System ObjectID IP Address System Up Time... 3 days 1 hrs 12 mins 42 secs System Timezone Location... CurrentBoot License Level...base CurrentBoot License Type...Permanent NextBoot License Level...base NextBoot License Type...Permanent Operating Environment... Commercial ( to 4 C) Internal Temp Alarm Limits... to 65 C Internal Temperature C State of 82.11b Network... Enabled State of 82.11a Network... Enabled Number of WLANs... 4 Number of Active Clients... Burned-in MAC Address... :1A:6D:DD:1E:4 Crypto Accelerator 1... Absent Crypto Accelerator 2... Absent Power Supply 1... Absent Power Supply 2... Present, OK Maximum number of APs supported See a brief summary of all active licenses installed on the controller by entering this command: show license summary Index 1 Feature: base Period left: minute second Index 2 Feature: base-ap-count Period left: minute second Index3 Feature: base Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Index 4 Feature: base-ap-count Period left: 6 weeks, 4 days License Type: Evaluation License State: Active, In Use License Count: 25/25/ License Priority: High See all of the licenses installed on the controller by entering this command: show license all License Store: Primary License Storage StoreIndex: 1 Feature: base Version: 1. License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium StoreIndex: 3 Feature: base-ap-count Version: 1. License Type: Evaluation 2/27/215 1:5 PM

6 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 6 of 45 License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 3 days License Count: 25// License Priority: High See the details for a particular license by entering this command: show license detail license_name Index: 1 Feature: base-ap-count Version: 1. License Type: Permanent License State: Active, Not in Use License Count: 12// License Priority: Medium Store Index: Store Name: Primary License Storage Index: 2 Feature: base-ap-count Version: 1. License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: 25// License Priority: Low Store Index: 3 Store Name: Evaluation License Storage See all expiring, evaluation, permanent, or in-use licenses by entering this command: show license {expiring evaluation permanent in-use} Information similar to the following appears for the show license in-use command: StoreIndex: 2 Feature: base-ap-count Version: 1. License Type: Permanent License State: Active, In Use License Count: 12/12/ License Priority: Medium StoreIndex: 3 Feature: base Version: 1. License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Controller platforms do not support the status of 'grace period' or 'extension' as a license type. The license status will always show 'evaluation' even if a grace period or an extension evaluation license is installed. See the maximum number of access points allowed for this license on the controller, the number of access points currently joined to the controller, and the number of access points that can still join the controller by entering this command: show license capacity Licensed Feature Max Count Current Count Remaining Count AP Count See statistics for all licenses on the controller by entering this command: show license statistics Administrative statistics Install success count: 2 Install failure count: Install duplicate count: Comment add count: Comment delete count: Clear count: Save count: 2 Save cred count: Client status Request success count 2 Request failure count Release count Global Notify count 6 See a summary of license-enabled features by entering this command: show license feature Feature name Enforcement Evaluation Clear Allowed Enabled base yes yes yes yes base-ap-count yes yes yes no Choosing the Licensed Feature Set You can configure the controller to specify which feature set it uses. The currently active license determines the feature set and number of access points supported on the controller. Using the GUI to Choose the Licensed Feature Set To specify the feature set for the controller using the controller GUI, follow these steps: Step 1 Choose Management > Software Activation > License Level to open the License Level page (see Figure 4-6). Figure 4-6 License Level Page This page shows the current license level and the level to be used after the next controller reboot. It also shows the maximum number of access points allowed by the license on the controller, the number of access points currently joined to the controller, and the number of access points that can still join the controller. Step 2 Click the base license level link to open the Licenses page (see Figure 4-7) to learn more about the available license levels. Figure 4-7 Licenses Page 2/27/215 1:5 PM

7 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 7 of 45 This page shows the licenses applicable to this level and the list of features supported. Step 3 Click Back to return to the License Level page. Step 4 If you want to change the license level, follow these steps: a. Choose the license level to be used on the next reboot: base, or auto. If you choose auto, the licensing software automatically chooses the license level to use on the next reboot. It chooses permanent licenses over evaluation licenses. To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license. If no valid licenses are installed, the controller can always operate in base level. b. Click Activate. c. Click OK when prompted to confirm your decision to change the license level on the next reboot. d. If you are prompted to accept the end-user license agreement (EULA), read and accept the terms of the agreement and then click Accept. The Next Boot Level text box now shows the license level that you specified as the level to be used after the next controller reboot. e. Reboot the controller so that the specified license level takes effect. Using the CLI to Choose the Licensed Feature Set To specify the feature set for the controller using the controller CLI, follow these steps: Step 1 See the current license level and the level to be used after the next controller reboot by entering this command: show sysinfo Product Name... Product Version Current Boot License Level... Current Boot License Type... Next Boot License Level... Next Boot License Type Cisco Controller base Permanent auto Permanent Step 2 Specify the license level to be used on the next reboot by entering this command: config license boot { base auto } If you choose auto, the licensing software automatically chooses the license level to use on the next reboot. It chooses permanent licenses over evaluation licenses. To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license. Step 3 If you are prompted to accept the end-user license agreement (EULA), read and accept the terms of the agreement. The EULA appears if no permanent licenses are installed at the specified boot level and the evaluation license has not yet been activated. In this case, the config license boot command changes the license level and activates the evaluation license following a reboot. Step 4 See the license level to be used after the next controller reboot by entering this command: show sysinfo Step 5 Reboot the controller in order to have your changes take effect by entering this command: reset system Activating an AP-Count Evaluation License If you are considering upgrading to a license with a higher access point count, you can try an evaluation license before upgrading to a permanent version of the license. For example, if you are using a permanent license with a 5-access-point count and want to try an evaluation license with a 1-access-point count, you can try out the evaluation license for 6 days. AP-count evaluation licenses are set to low priority by default so that the controller uses the ap-count permanent license. If you want to try an evaluation license with an increased access point count, you must change its priority to high. If you no longer want to have this higher capacity, you can lower the priority of the ap-count evaluation license, which forces the controller to use the permanent license. To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license. You can activate ap-count evaluation licenses using the controller GUI or CLI. Using the GUI to Activate an AP-Count Evaluation License To activate an ap-count evaluation license using the controller GUI, follow these steps: Step 1 Choose Management > Software Activation > Licenses to open the Licenses page (see Figure 4-8). Figure 4-8 Licenses Page 2/27/215 1:5 PM

8 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 8 of 45 The Status column shows which licenses are currently in use, and the Priority column shows the current priority of each license. Step 2 Activate an ap-count evaluation license as follows: a. Click the link for the ap-count evaluation license that you want to activate. The License Detail page appears (see Figure 4-9). Figure 4-9 License Detail Page b. Choose High from the Priority drop-down list and click Set Priority. You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured. c. Click OK when prompted to confirm your decision about changing the priority of the license. d. When the EULA appears, read the terms of the agreement and then click Accept. e. When prompted to reboot the controller, click OK. f. Reboot the controller in order for the priority change to take effect. g. Click Licenses to open the Licenses page and verify that the ap-count evaluation license now has a high priority and is in use. You can use the evaluation license until it expires. Step 3 If you decide to stop using the ap-count evaluation license and want to revert to using an ap-count permanent license, follow these steps: a. On the Licenses page, click the link for the ap-count evaluation license that is in use. b. Choose Low from the Priority drop-down list and click Set Priority. You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured. c. Click OK when prompted to confirm your decision about changing the priority of the license. d. When the EULA appears, read the terms of the agreement and then click Accept. e. When prompted to reboot the controller, click OK. f. Reboot the controller in order for the priority change to take effect. g. Click Licenses to open the Licenses page and verify that the ap-count evaluation license now has a low priority and is not in use. Instead, the ap-count permanent license should be in use. Using the CLI to Activate an AP-Count Evaluation License To activate an ap-count evaluation license using the controller CLI, follow these steps: Step 1 See the current status of all the licenses on your controller by entering this command: show license all License Store: Primary License Storage StoreIndex: Feature: base-ap-count Version: 1. License Type: Permanent License State: Active, In Use License Count: 12// License Priority: Medium StoreIndex: 1 Feature: base Version: 1. License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium StoreIndex: 2 Feature: base Version: 1. License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted License Priority: Low StoreIndex: 3 Feature: base-ap-count Version: 1. License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: 25// License Priority: Low The License State text box shows the licenses that are in use, and the License Priority text box shows the current priority of each license. Step 2 Activate an ap-count evaluation license as follows: 2/27/215 1:5 PM

9 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 9 of 45 a. To raise the priority of the base-ap-count evaluation license, enter this command: license modify priority license_name high You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured. b. To reboot the controller in order for the priority change to take effect, enter this command: reset system c. To verify that the ap-count evaluation license now has a high priority and is in use, enter this command: show license all You can use the evaluation license until it expires. Step 3 If you decide to stop using the ap-count evaluation license and want to revert to using an ap-count permanent license, follow these steps: a. To lower the priority of the ap-count evaluation license, enter this command: license modify priority license_name low b. To reboot the controller in order for the priority change to take effect, enter this command: reset system c. To verify that the ap-count evaluation license now has a low priority and is not in use, enter this command: show license all Instead, the ap-count permanent license should be in use. Rehosting a License Revoking a license from one controller and installing it on another is called rehosting. You might want to rehost a license in order to change the purpose of a controller. For example, if you want to move your OfficeExtend or indoor mesh access points to a different controller, you could transfer the adder license from one controller to another controller of the same model, say from one 55 series controller to another 55 series controller (intramodel transfer). This can be done in the case of RMA or a network rearchitecture that requires you to transfer licenses from one appliance to another. It is not possible to rehost base licenses in normal scenarios of network rearchitecture. The only exception where the transfer of base licenses is allowed is for RMA when you get a replacement hardware when your existing appliance has a failure. Evaluation licenses cannot be rehosted. In order to rehost a license, you must generate credential information from the controller and use it to obtain a permission ticket to revoke the license from the Cisco licensing site. Next, you must obtain a rehost ticket and use it to obtain a license installation file for the controller on which you want to install the license. A revoked license cannot be reinstalled on the same controller Using the GUI to Rehost a License To rehost a license using the controller GUI, follow these steps: Step 1 Choose Management > Software Activation > Commands to open the License Commands page. Step 2 From the Action drop-down list, choose Rehost. The Revoke a License from the Device and Generate Rehost Ticket area appears (see Figure 4-1). Figure 4-1 License Commands (Rehost) Page Step 3 In the File Name to Save Credentials text box, enter the path on the TFTP server where you want the device credentials to be saved and click Save Credentials. Step 4 To obtain a permission ticket to revoke the license, follow these steps: a. Click Cisco Licensing ( ). The Product License Registration page appears (see Figure 4-11). Figure 4-11 Product License Registration Page 2/27/215 1:5 PM

10 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 1 of 45 b. Under Manage Licenses, click Look Up a License. c. Enter the product ID and serial number for your controller. To find the controller s product ID and serial number, choose Controller > Inventory on the controller GUI. d. Open the device credential information file that you saved in In the File Name to Save Credentials text box, enter the path on the TFTP server where you want the device credentials to be saved and click Save Credentials. and copy and paste the contents of the file into the Device Credentials text box. e. Enter the security code in the blank box and click Continue. f. Choose the licenses that you want to revoke from this controller and click Start License Transfer. g. On the Rehost Quantities page, enter the number of licenses that you want to revoke in the To Rehost text box and click Continue. h. On the Designate Licensee page, enter the product ID and serial number of the controller for which you plan to revoke the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the text boxes on this page, and click Continue. i. On the Review and Submit page, verify that all information is correct and click Submit. j. When a message appears indicating that the registration is complete, click Download Permission Ticket. The rehost permission ticket is ed within 1 hour to the address that you specified. k. After the arrives, copy the rehost permission ticket to your TFTP server. Step 5 Use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket as follows: a. In the Enter Saved Permission Ticket File Name text box, enter the TFTP path and filename (*.lic) for the rehost permission ticket that you generated in To obtain a permission ticket to revoke the license, follow these steps:. b. In the Rehost Ticket File Name text box, enter the TFTP path and filename (*.lic) for the ticket that will be used to rehost this license on another controller. c. Click Generate Rehost Ticket. d. When the end-user license agreement (EULA) acceptance dialog box appears, read the agreement and click Accept to accept the terms of the agreement. Step 6 Use the rehost ticket generated in Use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket as follows: to obtain a license installation file, which can then be installed on another controller as follows: a. Click Cisco Licensing. b. On the Product License Registration page, click Upload Rehost Ticket under Manage Licenses. c. On the Upload Ticket page, enter the rehost ticket that you generated in Use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket as follows: in the Enter Rehost Ticket text box and click Continue. d. On the Validate Features page, verify that the license information for your controller is correct, enter the rehost quantity, and click Continue. e. On the Designate Licensee page, enter the product ID and serial number of the controller on which you plan to use the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the text boxes on this page, and click Continue. f. On the Review and Submit page, verify that all information is correct and click Submit. g. When a message appears indicating that the registration is complete, click Download License. The rehost license key is ed within 1 hour to the address that you specified. h. After the arrives, copy the rehost license key to your TFTP server. i. Follow the instructions in the Installing a License section to install this license on another controller. Using the CLI to Rehost a License To rehost a license using the controller CLI, follow these steps: Step 1 Save device credential information to a file by entering this command: license save credential url where url is tftp:// server_ip / path / filename. Step 2 Obtain a permission ticket to revoke the license as follows: a. Go to The Product License Registration page appears (see Figure 4-11). b. Under Manage Licenses, click Look Up a License. c. Enter the product ID and serial number for your controller. 2/27/215 1:5 PM

11 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 To find the controller s product ID and serial number, enter the show license udi command on the controller CLI. d. Open the device credential information file that you saved in Save device credential information to a file by entering this command: and copy and paste the contents of the file into the Device Credentials text box. e. Enter the security code in the blank box and click Continue. f. Choose the licenses that you want to revoke from this controller and click Start License Transfer. g. On the Rehost Quantities page, enter the number of licenses that you want to revoke in the To Rehost text box and click Continue. h. On the Designate Licensee page, enter the product ID and serial number of the controller for which you plan to revoke the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the text boxes on this page, and click Continue. i. On the Review and Submit page, verify that all information is correct and click Submit. j. When a message appears indicating that the registration is complete, click Download Permission Ticket. The rehost permission ticket is ed within 1 hour to the address that you specified. k. After the arrives, copy the rehost permission ticket to your TFTP server. Step 3 Use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket as follows: a. To revoke the license from the controller, enter this command: license revoke permission_ticket_url where permission_ticket_url is tftp:// server_ip / path / filename. b. To generate the rehost ticket, enter this command: license revoke rehost rehost_ticket_url where rehost_ticket_url is tftp:// server_ip / path / filename. c. If prompted, read and accept the terms of the end-user license agreement (EULA). Step 4 Use the rehost ticket generated in Use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket as follows: to obtain a license installation file, which can then be installed on another controller as follows: a. Go to b. On the Product License Registration page, click Upload Rehost Ticket under Manage Licenses. c. On the Upload Ticket page, enter the rehost ticket that you generated in Use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket as follows: in the Enter Rehost Ticket text box and click Continue. d. On the Validate Features page, verify that the license information for your controller is correct, enter the rehost quantity, and click Continue. e. On the Designate Licensee page, enter the product ID and serial number of the controller on which you plan to use the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the text boxes on this page, and click Continue. f. On the Review and Submit page, verify that all information is correct and click Submit. g. When a message appears indicating that the registration is complete, click Download License. The rehost license key is ed within 1 hour to the address that you specified. h. After the arrives, copy the rehost license key to your TFTP server. i. Follow the instructions in the Installing a License section to install this license on another controller. Transferring Licenses to a Replacement Controller after an RMA If you return a Cisco 55 Series Controller to Cisco as part of the Return Material Authorization (RMA) process, you must transfer that controller s licenses within 6 days to a replacement controller that you receive from Cisco. Replacement controllers come preinstalled with the following licenses: permanent base and evaluation base, base-ap-count. No other permanent licenses are installed. The SKU for replacement controllers is AIR-CT558-CA-K9. Because licenses are registered to the serial number of a controller, you can use the licensing portal on Cisco.com to request that the license from your returned controller be revoked and authorized for use on the replacement controller. After your request is approved, you can install the old license on the replacement controller. Before you begin, you need the product ID and serial number of both the returned controller and the replacement controller. This information is included in your purchase records. The evaluation licenses on the replacement controller are designed for temporary use and expire after 6 days. To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. If the evaluation licenses expire before you transfer the permanent licenses from your defective controller to your replacement controller, the replacement controller remains up and running using the permanent base license, but access points are no longer able to join the controller. To transfer a license to a replacement controller after an RMA, follow these steps: Step 1 Go to Step 2 On the main Product License Registration page, click Register for an RMA License under RMA License Transfer. Step 3 In the Select a Product drop-down list, choose Cisco 55 Series Wireless Controllers. Step 4 Enter the security code in the blank box and click Go to RMA Portal. Step 5 On the RMA License Transfer page, enter the product ID and serial number of the controller that you returned and your RMA service contract number, and click Continue. Step 6 On the Validate Features page, verify that the license information for your controller is correct, and click Continue. Step 7 On the Designate Licensee page, enter the product ID and serial number of the replacement controller. Step 8 Read and accept the conditions of the end-user license agreement (EULA), complete the rest of the text boxes on this page, and click Submit. Step 9 On the Review and Submit page, verify that all information is correct and click Submit. A message appears indicating that your registration request has been submitted, and you will receive an that contains your RMA request ID. Step 1 Select the status of your RMA registration request by following the instructions in the . Step 11 After you receive another notifying you that your RMA registration request is approved (usually within 1 hour), follow the instructions in the Installing a License section to install the license on the replacement controller. Configuring the License Agent If your network contains various Cisco-licensed devices, you might want to consider using the Cisco License Manager (CLM) to manage all of the licenses using a single application. CLM is a secure client/server application that manages Cisco software licenses network wide. The license agent is an interface module that runs on the controller and mediates between CLM and the controller s licensing infrastructure. CLM can communicate with the controller using various channels, such as HTTP, Telnet, and so on. If you want to use HTTP as the communication method, you must enable the license agent on the controller. The license agent receives requests from CLM and translates them into license commands. It also sends notifications to CLM. It uses XML messages over HTTP or HTTPS to receive the requests and send the notifications. For example, CLM sends a license install command, and the agent notifies CLM after the license expires. You can download the CLM software and access user documentation at this URL: Using the GUI to Configure the License Agent To configure the license agent on the controller using the controller GUI, follow these steps: Step 1 Choose Management > Software Activation > License Agent to open the License Agent Configuration page (see Figure 4-12). Figure 4-12 License Agent Configuration Page 2/27/215 1:5 PM

12 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 2 Select the Enable Default Authentication check box to enable the license agent, or leave it unselected to disable this feature. The default value is unselected. Step 3 In the Maximum Number of Sessions text box, enter the maximum number of sessions for the license agent. The valid range is 1 to 25 sessions (inclusive). Step 4 Configure the license agent to listen for requests from the CLM as follows: a. Select the Enable Listener check box to enable the license agent to receive license requests from the CLM, or unselect this check box to disable this feature. The default value is unselected. b. In the Listener Message Processing URL text box, enter the URL where the license agent receives license requests (for example, The Protocol parameter indicates whether the URL requires HTTP or HTTPS. You can specify the protocol to use on the HTTP Configuration page. See the Enabling Web and Secure Web Modes section for more information. c. Select the Enable Authentication for Listener check box to enable authentication for the license agent when it is receiving license requests, or unselect this check box to disable this feature. The default value is unselected. d. In the Max HTTP Message Size text box, enter the maximum size for license requests. The valid range is to 9999 bytes, and the default value is. Step 5 Configure the license agent to send license notifications to the CLM as follows: a. Select the Enable Notification check box to enable the license agent to send license notifications to the CLM, or unselect this check box to disable this feature. The default value is unselected. b. In the URL to Send the Notifications text box, enter the URL where the license agent sends the notifications (for example, c. In the User Name text box, enter the username required in order to view the notification messages at this URL. d. In the Password and Confirm Password text boxes, enter the password required in order to view the notification messages at this URL. Step 6 Click Apply to commit your changes. Step 7 Click Save Configuration to save your changes. Using the CLI to Configure the License Agent To configure the license agent on the controller using the controller CLI, follow these steps: Step 1 Enable the license agent by entering one of these commands: config license agent default authenticate Enables the license agent default listener with authentication. config license agent default authenticate none Enables the license agent default listener without authentication. To disable the license agent default listener, enter the config license agent default disable command. The default value is disabled. Step 2 Specify the maximum number of sessions for the license agent by entering this command: config license agent max-sessions sessions The valid range for the sessions parameter is 1 to 25 (inclusive), and the default value is 9. Step 3 Enable the license agent to receive license requests from the CLM and to specify the URL where the license agent receives the requests by entering this command: config license agent listener http { plaintext encrypt } url authenticate [ none ] [ max-message size ] [ acl acl ] The valid range for the size parameter is to bytes, and the default value is. To prevent the license agent from receiving license requests from the CLM, enter the config license agent listener http disable command. The default value is disabled. Step 4 Configure the license agent to send license notifications to the CLM and to specify the URL where the license agent sends the notifications by entering this command: config license agent notify url username password To prevent the license agent from sending license notifications to the CLM, enter the config license agent notify disable username password command. The default value is disabled. Step 5 Save your changes by entering this command: save config Step 6 See statistics for the license agent s counters or sessions by entering this command: show license agent {counters sessions} Information similar to the following appears for the show license agent counters command: License Agent Counters Request Messages Received:1: Messages with Errors:1 Request Operations Received:9: Operations with Errors: Notification Messages Sent:12: Transmission Errors:: Soap Errors: Information similar to the following appears for the show license agent sessions command: License Agent Sessions: 1 open, maximum is 9 To clear the license agent s counter or session statistics, enter the clear license agent {counters sessions} command. Configuring Bands You can configure the 82.11b/g/n (2.4-GHz) and 82.11a/n (5-GHz) bands for the controller to comply with the regulatory requirements in your country. By default, both 82.11b/g/n and 82.11a/n are enabled. Using the GUI to Configure Bands To configure bands using the controller GUI, follow these steps: Step 1 Choose Wireless > 82.11a/n or 82.11b/g/n > Network to open the 82.11a (or 82.11b/g) Global Parameters page (see Figure 4-13). Figure a Global Parameters Page 2/27/215 1:5 PM

13 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 2 Select the 82.11a (or 82.11b/g ) Network Status check box to enable the 82.11a or 82.11b/g band. To disable the band, unselect the check box. The default value is enabled. You can enable both the 82.11a and 82.11b/g bands. Step 3 If you enabled the 82.11b/g band in Select the 82.11a (or 82.11b/g) Network Status check box to enable the 82.11a or 82.11b/g band. To disable the band, unselect the check box. The default value is enabled. You can enable both the 82.11a and 82.11b/g bands., select the 82.11g Support check box if you want to enable 82.11g network support. The default value is enabled. If you disable this feature, the 82.11b band is enabled without 82.11g support. Step 4 Specify the rate at which the SSID is broadcast by the access point by entering a value between 1 and 6 milliseconds (inclusive) in the Beacon Period text box. The default value is 1 milliseconds. The beacon period in Controllers is listed in terms of milliseconds. The beacon period can also be measured in Time Units, where one Time Unit equals 124 microseconds or 12.4 milliseconds. If a beacon interval is listed as 1 milliseconds in a Controller, it is only a rounded off value for 12.4 milliseconds. Due to hardware limitation in certain radios, even though the beacon interval is, say 1 Time Units, it is adjusted to 12 Time Units, which roughly equals milliseconds. Thus, when the beacon period is to be represented in terms of Time Units, the value is adjusted to the nearest multiple of 17. Step 5 Specify the size at which packets are fragmented by entering a value between 256 and 2346 bytes (inclusive) in the Fragmentation Threshold text box. Enter a low number for areas where communication is poor or where there is a great deal of radio interference. Step 6 Make access points advertise their channel and transmit power level in beacons and probe responses. Select the DTPC Support check box. Otherwise, unselect this check box. The default value is enabled. Client devices using dynamic transmit power control (DTPC) receive the channel and power level information from the access points and adjust their settings automatically. For example, a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there. On access points that run Cisco IOS software, this feature is called world mode. DTPC and 81.11h power constraint cannot be enabled simultaneously. Step 7 Use the Data Rates options to specify the rates at which data can be transmitted between the access point and the client. These data rates are available: 82.11a6, 9, 12, 18, 24, 36, 48, and 54 Mbps 82.11b/g1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, or 54 Mbps For each data rate, choose one of these options: Mandatory Clients must support this data rate in order to associate to an access point on the controller. Supported Any associated clients that support this data rate may communicate with the access point using that rate. However, the clients are not required to be able to use this rate in order to associate. Disabled The clients specify the data rates used for communication. Step 8 Click Apply to commit your changes. Step 9 Click Save Configuration to save your changes. Using the CLI to Configure Bands To configure bands using the controller CLI, follow these steps: Step 1 Disable the 82.11a band by entering this command: config 82.11a disable network The 82.11a band must be disabled before you can configure the 82.11a network parameters in this section. Step 2 Disable the 82.11b/g band by entering this command: config 82.11b disable network The 82.11b band must be disabled before you can configure the 82.11b network parameters in this section. Step 3 Specify the rate at which the SSID is broadcast by the access point by entering this command: config {82.11a 82.11b} beaconperiod time_unit where time_unit is the beacon interval in time units (TUs). One TU is 124 microseconds. You can configure the access point to send a beacon every 2 to 1 milliseconds. Step 4 Specify the size at which packets are fragmented by entering this command: config {82.11a 82.11b} fragmentation threshold where threshold is a value between 256 and 2346 bytes (inclusive). Specify a low number for areas where communication is poor or where there is a great deal of radio interference. Step 5 Make access points advertise their channel and transmit power level in beacons and probe responses by entering this command: config {82.11a 82.11b} dtpc {enable disable} The default value is enabled. Client devices using dynamic transmit power control (DTPC) receive the channel and power level information from the access points and adjust their settings automatically. For example, a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there. On access points that run Cisco IOS software, this feature is called world mode. Step 6 Specify the rates at which data can be transmitted between the controller and the client by entering this command: config {82.11a 82.11b} rate { disabled mandatory supported } rate where disabled Clients specify the data rates used for communication. mandatoryc lients support this data rate in order to associate to an access point on the controller. supported Any associated clients that support this data rate may communicate with the access point using that rate. However, the clients are not required to be able to use this rate in order to associate. rate The rate at which data is transmitted: 6, 9, 12, 18, 24, 36, 48, and 54 Mbps (82.11a) 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, or 54 Mbps (82.11b/g) Step 7 Enable the 82.11a band by entering this command: config 82.11a enable network The default value is enabled. Step 8 Enable the 82.11b band by entering this command: config 82.11b enable network The default value is enabled. Step 9 Enable or disable 82.11g network support by entering this command: 2/27/215 1:5 PM

14 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 config 82.11b 11gSupport {enable disable} The default value is enabled. You can use this command only if the 82.11b band is enabled. If you disable this feature, the 82.11b band is enabled without 82.11g support. Step 1 Save your changes by entering this command: save config Step 11 View the configuration settings for the 82.11a or 82.11b/g band by entering this command: show {82.11a 82.11b} 82.11a Network... Enabled 11nSupport... Enabled 82.11a Low Band... Enabled 82.11a Mid Band... Enabled 82.11a High Band... Enabled 82.11a Operational Rates 82.11a 6M Rate... Mandatory 82.11a 9M Rate... Supported 82.11a 12M Rate... Mandatory 82.11a 18M Rate... Supported 82.11a 24M Rate... Mandatory 82.11a 36M Rate... Supported 82.11a 48M Rate... Supported 82.11a 54M Rate... Supported... Beacon Interval Default Channel Default Tx Power Level... 1 DTPC Status... Enabled Fragmentation Threshold Configuring 82.11n Parameters This section provides instructions for managing 82.11n devices such as the Cisco Aironet 114 and 125 Series Access Points on your network. The 82.11n devices support the 2.4- and 5-GHz bands and offer high-throughput data rates. The 82.11n high-throughput rates are available only on 114 and 125 series access points for WLANs using WMM with no Layer 2 encryption or with WPA2/AES encryption enabled. For information on configuring radio resource management (RRM) parameters or statically assigning radio parameters for 82.11n access points, see Chapter12, Configuring Radio Resource ManagementWireless Device Access Using the GUI to Configure 82.11n Parameters To configure 82.11n parameters using the controller GUI, follow these steps: Step 1 Choose Wireless > 82.11a/n or 82.11b/g/n > High Throughput (82.11n) to open the 82.11n (5 GHz or 2.4 GHz) High Throughput page (see Figure 4-14). Figure n (2.4 GHz) High Throughput Page Step 2 Select the 11n Mode check box to enable 82.11n support on the network. The default value is enabled. Step 3 Select the check boxes of the desired rates to specify the modulation and coding scheme (MCS) rates at which data can be transmitted between the access point and the client. These data rates, which are calculated for a 2-MHz channel width using a short guard interval, are available: (7 Mbps) 1 (14 Mbps) 2 (21 Mbps) 3 (29 Mbps) 4 (43 Mbps) 5 (58 Mbps) 6 (65 Mbps) 7 (72 Mbps) 8 (14 Mbps) 9 (29 Mbps) 1 (43 Mbps) 11 (58 Mbps) 12 (87 Mbps) 13 (116 Mbps) 14 (13 Mbps) 15 (144 Mbps) Any associated clients that support the selected rates may communicate with the access point using those rates. However, the clients are not required to be able to use this rate in order to associate. The MCS settings determine the number of spatial streams, the modulation, the coding rate, and the data rate values that are used. Step 4 Click Apply to commit your changes. Step 5 Use the 82.11n data rates that you configured by enabling WMM on the WLAN as follows: a. Choose WLANs to open the WLANs page. b. Click the ID number of the WLAN for which you want to configure WMM mode. c. When the WLANs > Edit page appears, choose the QoS tab to open the WLANs > Edit (Qos) page. d. From the WMM Policy drop-down list, choose Required or Allowed to require or allow client devices to use WMM. Devices that do not support WMM cannot join the WLAN. e. Click Apply to commit your changes. Step 6 Click Save Configuration to save your changes. To determine if an access point supports 82.11n, look at the 11n Supported text box on either the 82.11a/n (or 82.11b/g/n) Cisco APs > Configure page or the 82.11a/n (or 82.11b/g/n) AP Interfaces > Details page. 2/27/215 1:5 PM

15 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Using the CLI to Configure 82.11n Parameters To configure 82.11n parameters using the controller CLI, follow these steps: Step 1 Enable 82.11n support on the network by entering this command: config { 82.11a 82.11b } 11nsupport { enable disable } Step 2 Specify the modulation and coding scheme (MCS) rates at which data can be transmitted between the access point and the client by entering this command: config { 82.11a 82.11b } 11nsupport mcs tx { -15 } { enable disable } See the descriptions of the through 15 MCS data rates in the Using the GUI to Configure 82.11n Parameters section. Step 3 Use the 82.11n data rates that you configured by enabling WMM on the WLAN as follows: config wlan wmm required wlan_id The required parameter requires client devices to use WMM. Devices that do not support WMM cannot join the WLAN. Step 4 Specify the aggregation method used for 82.11n packets as follows: a. Disable the network by entering this command: config { 82.11a 82.11b } disable network b. Specify the aggregation method entering this command: config { 82.11a 82.11b } 11nsupport a-mpdu tx priority {-7 all} {enable disable } Aggregation is the process of grouping packet data frames together rather than transmitting them separately. Two aggregation methods are available: Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated MAC Service Data Unit (A-MSDU). Both A-MPDU and A-MSDU are performed in the software. You can specify the aggregation method for various types of traffic from the access point to the clients. Table 4-2 defines the priority levels (-7) assigned per traffic type. Table 4-2 Traffic Type Priority Levels User Priority Traffic Type Best effort 1 Background 2 Spare 3 Excellent effort 4 Controlled load 5 Video, less than 1-ms latency and jitter 6 Voice, less than 1-ms latency and jitter 7 Network control You can configure each priority level independently, or you can use the all parameter to configure all of the priority levels at once. When you use the enable command, the traffic associated with that priority level uses A-MPDU transmission. When you use the disable command, the traffic associated with that priority level uses A-MSDU transmission. Configure the priority levels to match the aggregation method used by the clients. By default, A-MPDU is enabled for priority level, 4 and 5 and the rest are disabled. c. R eenable the network by entering this command: config {82.11a 82.11b} enable network Step 5 Save your changes by entering this command: save config Step 6 View the configuration settings for the 82.11a/n or 82.11b/g/n band by entering this command: show {82.11a 82.11b} 82.11a Network... Enabled 11nSupport... Enabled 82.11a Low Band... Enabled 82.11a Mid Band... Enabled 82.11a High Band... Enabled 82.11a Operational Rates 82.11a 6M Rate... Mandatory 82.11a 9M Rate... Supported 82.11a 12M Rate... Mandatory 82.11a 18M Rate... Supported 82.11a 24M Rate... Mandatory 82.11a 36M Rate... Supported 82.11a 48M Rate... Supported 82.11a 54M Rate... Supported 82.11n MCS Settings: MCS... Supported MCS 1... Supported MCS 2... Supported MCS 3... Supported MCS 4... Supported MCS 5... Supported MCS 6... Supported MCS 7... Supported MCS 8... Supported MCS 9... Supported MCS 1... Supported MCS Supported MCS Supported MCS Supported MCS Supported MCS Supported 82.11n Status: A-MPDU Tx... Enabled Priority... Enabled Priority 1... Disabled Priority 2... Disabled Priority 3... Disabled Priority 4... Enabled Priority 5... Enabled Priority 6... Disabled Priority 7... Disabled A-MSDU Tx... Enabled Rifs Tx... Enabled Guard Interval... Short Beacon Interval... 1 CF Pollable mandatory... Disabled CF Poll Request mandatory... Disabled CFP Period... 4 CFP Maximum Duration... 6 Default Channel Default Tx Power Level... 1 DTPC Status...Enabled Fragmentation Threshold Long Retry Limit... 4 Maximum Rx Life Time Max Tx MSDU Life Time Medium Occupancy Limit... 1 RTS Threshold Short Retry Limit... 7 TI Threshold Traffic Stream Metrics Status... Enabled Expedited BW Request Status... Disabled EDCA profile type... default-wmm Voice MAC optimization status... Disabled Call Admission Control (CAC) configuration Voice AC - Admission control (ACM)... Enabled Voice max RF bandwidth /27/215 1:5 PM

16 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Voice Voice Voice Video Voice Voice Video Video reserved roaming bandwidth... load-based CAC mode... tspec inactivity timeout... AC - Admission control (ACM)... Stream-Size... Max-Streams... max RF bandwidth... reserved roaming bandwidth Disabled Disabled Enabled 84 2 Infinite Configuring 82.11h Parameters 82.11h informs client devices about channel changes and can limit the transmit power of those client devices. You can configure the 82.11h parameters using the controller GUI or CLI. Using the GUI to Configure 82.11h Parameters To configure 82.11h parameters using the controller GUI, follow these steps: Step 1 Disable the 82.11a band as follows: a. Choose Wireless > 82.11a/n > Network to open the 82.11a Global Parameters page. b. Unselect the 82.11a Network Status check box. c. Click Apply to commit your change. Step 2 Choose Wireless > 82.11a/n > DFS (82.11h) to open the 82.11h Global Parameters page (see Figure 4-15). Figure h Global Parameters Page Step 3 Select the Channel Announcement check box if you want the access point to announce when it is switching to a new channel and the new channel number, or unselect this check box to disable the channel announcement. The default value is disabled. Step 4 If you enabled the channel announcement in Select the Channel Announcement check box if you want the access point to announce when it is switching to a new channel and the new channel number, or unselect this check box to disable the channel announcement. The default value is disabled., the Channel Quiet Mode check box appears. Select this check box if you want the access point to stop transmitting on the current channel, or unselect this check box to disable quiet mode. The default value is disabled. Step 5 Click Apply to commit your changes. Step 6 Reenable the 82.11a band as follows: a. Choose Wireless > 82.11a/n > Network to open the 82.11a Global Parameters page. b. Select the 82.11a Network Status check box. c. Click Apply to commit your change. Step 7 Click Save Configuration to save your changes. Using the CLI to Configure 82.11h Parameters To configure 82.11h parameters using the controller CLI, follow these steps: Step 1 Disable the 82.11a network by entering this command: config 82.11a disable network Step 2 Enable or disable the access point to announce when it is switching to a new channel and the new channel number by entering this command: config 82.11h channelswitch { enable disable } switch_mode You can enter a or 1 for the switch_mode parameter to specify whether transmissions are restricted until the actual channel switch () or are not restricted (1). The default value is disabled. Step 3 Configure a new channel using the 82.11h channel announcement by entering this command: config 82.11h setchannel channel channel Step 4 Configure the 82.11h power constraint value by entering this command: config 82.11h powerconstraint value The default value for the value parameter is 3 db. Step 5 Reenable the 82.11a network by entering this command: config 82.11a enable network Step 6 See the status of 82.11h parameters by entering this command: show 82.11h Power Constraint... Channel Switch... Disabled Channel Switch Mode... Configuring DHCP Proxy When DHCP proxy is enabled on the controller, the controller unicasts DHCP requests from the client to the configured servers. Consequently, at least one DHCP server must be configured on either the interface associated with the WLAN or the WLAN itself. When DHCP proxy is disabled on the controller, those DHCP packets transmitted to and from the clients are bridged by the controller without any modification to the IP portion of the packet. Packets received from the client are removed from the CAPWAP tunnel and transmitted on the upstream VLAN. DHCP packets directed to the client are received on the upstream VLAN, converted to 82.11, and transmitted through a CAPWAP tunnel toward the client. As a result, the internal DHCP server cannot be used when DHCP proxy is disabled. The ability to disable DHCP proxy allows organizations to use DHCP servers that do not support Cisco s native proxy mode of operation. It should be disabled only when required by the existing infrastructure. You can use the controller GUI or CLI to enable or disable DHCP proxy on a global basis, rather than on a WLAN basis. DHCP proxy is enabled by default. DHCP proxy must be enabled in order for DHCP option 82 to operate correctly. See the Configuring DHCP Option 82 section for information on DHCP option 82. All controllers that will communicate must have the same DHCP proxy setting. See Configuring WLANs, for information on configuring DHCP servers. Using the GUI to Configure DHCP Proxy To configure DHCP proxy using the controller GUI, follow these steps: Step 1 Choose Controller > Advanced > DHCP to open the DHCP Parameters page (see Figure 4-16). Figure 4-16 DHCP Parameters Page 2/27/215 1:5 PM

17 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 2 Select the Enable DHCP Proxy check box to enable DHCP proxy on a global basis. Otherwise, unselect the check box. The default value is selected. Step 3 Click Apply to commit your changes. Step 4 Click Save Configuratio n to save your changes. Using the CLI to Configure DHCP Proxy To configure DHCP proxy using the controller CLI, follow these steps: Step 1 Enable or disable DHCP proxy by entering this command: config dhcp proxy { enable disable } Step 2 View the DHCP proxy configuration by entering this command: show dhcp proxy DHCP Proxy Behavior: enabled Configuring Administrator Usernames and Passwords You can configure administrator usernames and passwords to prevent unauthorized users from reconfiguring the controller and viewing configuration information. This section provides instructions for initial configuration and for password recovery. Configuring Usernames and Passwords To configure administrator usernames and passwords using the controller CLI, follow these steps: Step 1 Configure a username and password by entering one of these commands: config mgmtuser add username password read-writecreates a username-password pair with read-write privileges. config mgmtuser add username password read-onlycreates a username-password pair with read-only privileges. Usernames and passwords are case-sensitive and can contain up to 24 ASCII characters. Usernames and passwords cannot contain spaces. If you ever need to change the password for an existing username, enter the config mgmtuser password username new_password command. Step 2 List the configured users by entering this command: show mgmtuser Restoring Passwords To configure a new username and password at boot-up using the controller CLI, follow these steps: Step 1 After the controller boots up, enter Restore-Password at the User prompt. For security reasons, the text that you enter does not appear on the controller console. Step 2 At the Enter User Name prompt, enter a new username. Step 3 At the Enter Password prompt, enter a new password. Step 4 At the Re-enter Password prompt, reenter the new password. The controller validates and stores your entries in the database. Step 5 When the User prompt reappears, enter your new username. Step 6 When the Password prompt appears, enter your new password. The controller logs you in with your new username and password. Configuring SNMP To configure SNMP using the controller CLI, follow these steps: Step 1 Enter the config snmp community create name command to create an SNMP community name. Step 2 Enter the config snmp community delete name command to delete an SNMP community name. Step 3 Enter the config snmp community accessmode ro name command to configure an SNMP community name with read-only privileges. Enter config snmp community accessmode rw name to configure an SNMP community name with read-write privileges. Step 4 Enter the config snmp community ipaddr ip-address ip-mask name command to configure an IP address and subnet mask for an SNMP community. This command behaves like an SNMP access list. It specifies the IP address from which the device accepts SNMP packets with the associated community. The requesting entity s IP address is ANDed with the subnet mask before being compared to the IP address. If the subnet mask is set to..., an IP address of... matches to all IP addresses. The default value is... The controller can use only one IP address range to manage an SNMP community. Step 5 Enter the config snmp community mode enable command to enable a community name. Enter the config snmp community mode disable command to disable a community name. Step 6 Enter the config snmp trapreceiver create name ip-address command to configure a destination for a trap. Step 7 Enter the config snmp trapreceiver delete name command to delete a trap. Step 8 Enter the config snmp trapreceiver ipaddr old-ip-address name new-ip-address command to change the destination for a trap. Step 9 Enter the config snmp trapreceiver mode enable command to enable traps. Enter the config snmp trapreceiver mode disable command to disable traps. Step 1 Enter config snmp syscontact syscontact-name to configure the name of the SNMP contact. Enter up to 31 alphanumeric characters for the contact name. Step 11 Enter the config snmp syslocation syslocation-name command to configure the SNMP system location. Enter up to 31 alphanumeric characters for the location. Step 12 Use the show snmpcommunity and the show snmptrap commands to verify that the SNMP traps and communities are correctly configured. Step 13 Use the show trapflags command to see the enabled and disabled trapflags. If necessary, use the config trapflags command to enable or disable trapflags. Changing the Default Values of SNMP Community Strings The controller has commonly known default values of public and private for the read-only and read-write SNMP community strings. Using these standard values presents a security risk. If you use the default community names, and since these are known, the community names could be used to communicate to the controller using the SNMP protocol. Therefore, Cisco strongly advises that you change these values. Using the GUI to Change the SNMP Community String Default Values To change the SNMP community string default values using the controller GUI, follow these steps: Step 1 Choose Management and then Communities under SNMP. The SNMP v1 / v2c Community page appears (see Figure 4-17). Figure 4-17 SNMP v1 / v2c Community Page 2/27/215 1:5 PM

18 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 2 If public or private appears in the Community Name column, hover your cursor over the blue drop-down arrow for the desired community and choose Remove to delete this community. Step 3 Click New to create a new community. The SNMP v1 / v2c Community > New page appears (see Figure 4-18). Figure 4-18 SNMP v1 / v2c Community > New Page Step 4 In the Community Name text box, enter a unique name containing up to 16 alphanumeric characters. Do not enter public or private. Step 5 In the next two text boxes, enter the IP address from which this device accepts SNMP packets with the associated community and the IP mask. Step 6 Choose Read Only or Read/Write from the Access Mode drop-down list to specify the access level for this community. Step 7 Choose Enable or Disable from the Status drop-down list to specify the status of this community. Step 8 Click Apply to commit your changes. Step 9 Click Save Configuration to save your settings. Step 1 Repeat this procedure if a public or private community still appears on the SNMP v1 / v2c Community page. Using the CLI to Change the SNMP Community String Default Values To change the SNMP community string default values using the controller CLI, follow these steps: Step 1 See the current list of SNMP communities for this controller by entering this command: show snmp community Step 2 If public or private appears in the SNMP Community Name column, enter this command to delete this community: config snmp community delete name The name parameter is the community name (in this case, public or private ). Step 3 Create a new community by entering this command: config snmp community create name Enter up to 16 alphanumeric characters for the name parameter. Do not enter public or private. Step 4 Enter the IP address from which this device accepts SNMP packets with the associated community by entering this command: config snmp community ipaddr ip_address ip_mask name Step 5 Specify the access level for this community by entering this command, where ro is read-only mode and rw is read/write mode: config snmp community accessmode { ro rw } name Step 6 Enable or disable this SNMP community by entering this command: config snmp community mode { enable disable } name Step 7 Save your changes by entering save config. Step 8 Repeat this procedure if you still need to change the default values for a public or private community string. Changing the Default Values for SNMP v3 Users The controller uses a default value of default for the username, authentication password, and privacy password for SNMP v3 users. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values. SNMP v3 is time sensitive. Make sure that you have configured the correct time and time zone on your controller. Using the GUI to Change the SNMP v3 User Default Values To change the SNMP v3 user default values using the controller GUI, follow these steps: Step 1 Choose Management > SNMP > SNMP V3 Users to open the SNMP V3 Users page (see Figure 4-19). Figure 4-19 SNMP V3 Users Page Step 2 If default appears in the User Name column, hover your cursor over the blue drop-down arrow for the desired user and choose Remove to delete this SNMP v3 user. Step 3 Click New to add a new SNMP v3 user. The SNMP V3 Users > New page appears (see Figure 4-2). Figure 4-2 SNMP V3 Users > New Page 2/27/215 1:5 PM

19 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 4 In the User Profile Name text box, enter a unique name. Do not enter default. Step 5 Choose Read Only or Read Write from the Access Mode drop-down list to specify the access level for this user. The default value is Read Only. Step 6 From the Authentication Protocol drop-down list, choose the desired authentication method: None, HMAC-MD5 (Hashed Message Authentication Coding-Message Digest 5), or HMAC-SHA (Hashed Message Authentication Coding-Secure Hashing Algorithm). The default value is HMAC-SHA. Step 7 In the Auth Password and Confirm Auth Password text boxes, enter the shared secret key to be used for authentication. You must enter at least 12 characters. Step 8 From the Privacy Protocol drop-down list, choose the desired encryption method: None, CBC-DES (Cipher Block Chaining-Digital Encryption Standard), or CFB-AES-128 (Cipher Feedback Mode-Advanced Encryption Standard-128). The default value is CFB-AES-128. In order to configure CBC-DES or CFB-AES-128 encryption, you must have selected either HMAC-MD5 or HMAC-SHA as the authentication protocol in From the Authentication Protocol drop-down list, choose the desired authentication method: None, HMAC-MD5 (Hashed Message Authentication Coding-Message Digest 5), or HMAC-SHA (Hashed Message Authentication Coding-Secure Hashing Algorithm). The default value is HMAC-SHA.. Step 9 In the Priv Password and Confirm Priv Password text boxes, enter the shared secret key to be used for encryption. You must enter at least 12 characters. Step 1 Click Apply to commit your changes. Step 11 Click Save Configuration to save your settings. Step 12 Reboot the controller so that the SNMP v3 user that you added takes effect. Using the CLI to Change the SNMP v3 User Default Values To change the SNMP v3 user default values using the controller CLI, follow these steps: Step 1 See the current list of SNMP v3 users for this controller by entering this command: show snmpv3user Step 2 If default appears in the SNMP v3 User Name column, enter this command to delete this user: config snmp v3user delete username The username parameter is the SNMP v3 username (in this case, default ). Step 3 Create a new SNMP v3 user by entering this command: config snmp v3user create username { ro rw } { none hmacmd5 hmacsha } { none des aescfb128 } auth_key encrypt_key where username is the SNMP v3 username. ro is read-only mode and rw is read-write mode. none, hmacmd5, and hmacsha are the authentication protocol options. none, des, and aescfb128 are the privacy protocol options. auth_key is the authentication shared secret key. encrypt_key is the encryption shared secret key. Do not enter default for the username, auth_key, and encrypt_key parameters. Step 4 Save your changes by entering the save config command. Step 5 Reboot the controller so that the SNMP v3 user that you added takes effect by entering reset system command. Configuring Aggressive Load Balancing Enabling aggressive load balancing on the controller allows lightweight access points to load balance wireless clients across access points. You can enable aggressive load balancing using the controller GUI or CLI. Clients are load balanced between access points on the same controller. Load balancing does not occur between access points on different controllers. When a wireless client attempts to associate to a lightweight access point, association response packets are sent to the client with an response packet including status code 17. This code indicates whether the access point can accept any more associations. If the access point is too busy, the client attempts to associate to a different access point in the area. The system determines if an access point is relatively more busy than its neighbor access points that are also accessible to the client. For example, if the number of clients on AP1 is more than the number of clients on AP2 plus the load-balancing window, then AP1 is considered to be busier than AP2. When a client attempts to associate to AP1, it receives an response packet with status code 17, indicating that the access point is busy, and the client attempts to associate to a different access point. You can configure the controller to deny client associations up to 1 times (if a client attempted to associate 11 times, it would be allowed to associate on the 11th try). You can also enable or disable load balancing on a particular WLAN, which is useful if you want to disable load balancing for a select group of clients (such as time-sensitive voice clients). Client Association Limits The maximum number of client associations that the access points can support is dependent upon the following factors: The maximum number of client associations differs for lightweight and Autonmous IOS access points. There may be a limit per radio, and an overall limit per AP. AP hardware (the 16-MB APs have a lower limit than the 32-MB and higher APs). Client Association Limits for Lightweight Access Points Per AP Limits For 16-MB APs, the limit is 128 clients per AP. This is applicable to 11 and 12 series APs. For 32-MB and higher APs, there is no per-ap limit. Per-radio limits For all IOS APs, the limit is 2 associations per radio For all 1 and 15 series APs, which are not supported beyond the 4.2 release, the limit is 25 associations per radio. Thus, with 32-MB and higher lightweight IOS APs, with two radios, up to 2+2=4 associations are supported. Client Association Limits for Autonomous IOS Access Points Per-AP limits Practically, the limit is around 8 to 127 clients per AP. This varies depending on the following factors: AP model (whether it is 16 MB or 32 MB or higher). IOS version. Hardware configuration (two radios use more memory than one). Enabled features (WDS functionality in particular). Per-radio limits The practical per-radio limit is about 2 associations. One will likely hit the per-ap limit first. Per-SSID limits Unlike Cisco Unified Wireless Network, Autonomous IOS supports per-ssid/per-ap association limits. This is configured using the max-associations CLI, under dot11 SSID. The maximum and default is 255 associations. Using the GUI to Configure Aggressive Load Balancing To configure aggressive load balancing using the controller GUI, follow these steps: Step 1 Choose Wireless > Advanced > Load Balancing to open the Load Balancing page (see Figure 4-21). Figure 4-21 Wireless > Advanced > Load Balancing Page 2/27/215 1:5 PM

20 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 2 of 45 Step 2 In the Client Window Size text box, enter a value between 1 and 2. The window size becomes part of the algorithm that determines whether an access point is too heavily loaded to accept more client associations: load-balancing window + client associations on AP with the lightest load = load-balancing threshold In the group of access points accessible to a client device, each access point has a different number of client associations. The access point with the lowest number of clients has the lightest load. The client window size plus the number of clients on the access point with the lightest load forms the threshold. Access points with more client associations than this threshold is considered busy, and clients can associate only to access points with client counts lower than the threshold. Step 3 In the Maximum Denial Count text box, enter a value between and 1. The denial count sets the maximum number of association denials during load balancing. Step 4 Click Apply to commit your changes. Step 5 Click Save Configuration to save your changes. Step 6 To enable or disable aggressive load balancing on specific WLANs, choose WLANs > WLAN ID. The WLANs > Edit page appears. Step 7 Click the Advanced tab (see Figure 4-22). Figure 4-22 WLANs > Advanced Page Step 8 Click Apply to commit your changes. Step 9 Click Save Configuration to save your settings Using the CLI to Configure Aggressive Load Balancing To configure aggressive load balancing using the controller CLI, follow these steps: Step 1 Set the client window for aggressive load balancing by entering this command: config load-balancing window client_count You can enter a value between and 2 for the client_count parameter. Step 2 Set the denial count for load balancing by entering this command: config load-balancing denial denial_count You can enter a value between 1 and 1 for the denial_count parameter. Step 3 Save your changes by entering this command: save config Step 4 Enable or disable aggressive load balancing on specific WLANs by entering this command: config wlan load-balance allow {enable disable} wlan_id You can enter a value between 1 and 512 for wlan_id parameter. Step 5 Verify your settings by entering this command: show load-balancing Aggressive Load Balancing... Enabled Aggressive Load Balancing Window... 1 clients Aggressive Load Balancing Denial Count... 3 Statistics Total Denied Count... Total Denial Sent... Exceeded Denial Max Limit Count... None 5G Candidate Count... None 2.4G Candidate Count... 5 clients 1 messages times times times Step 6 Save your changes by entering this command: save config Configuring Band Selection Band selection enables client radios that are capable of dual-band (2.4- and 5-GHz) operation to move to a less congested 5-GHz access point. The 2.4-GHz band is often congested. Clients on this band typically experience interference from Bluetooth devices, microwave ovens, and cordless phones as well as co-channel interference from other access points because of the 82.11b/g limit of three nonoverlapping channels. To combat these sources of interference and improve overall network performance, you can configure band selection on the controller. Band selection works by regulating probe responses to clients. It makes 5-GHz channels more attractive to clients by delaying probe responses to clients on 2.4-GHz channels. Band selection is enabled globally by default. 2/27/215 1:5 PM

21 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Band-selection enabled WLANs do not support time-sensitive applications like voice and video because of roaming delays. Guidelines for Using the Band Selection Follow these guidelines when using band selection: Band selection can be used only with Cisco Aironet 114 and 125, 126, and 35 Series access points. Band selection operates only on access points that are connected to a controller. A hybrid-reap access point without a controller connection does not perform band selection after a reboot. The band-selection algorithm directs dual-band clients only from the 2.4-GHz radio to the 5-GHz radio of the same access point, and it only runs on an access point when both the 2.4-GHz and 5-GHz radios are up and running. You can enable both band selection and aggressive load balancing on the controller. They run independently and do not impact one another. Using the GUI to Configure Band Selection To configure band selection using the controller GUI, follow these steps: Step 1 Choose Wireless > Advanced > Band Select to open the Band Select page (see Figure 4-23). Figure 4-23 Wireless > Advanced > Band Select Page Step 2 In the Probe Cycle Count text box, enter a value between 1 and 1. The cycle count sets the number of suppression cycles for a new client. The default cycle count is 2. Step 3 In the Scan Cycle Period Threshold (milliseconds) text box, enter a value between 1 and 1 milliseconds for the scan cycle period threshold. This setting determines the time threshold during which new probe requests from a client come from a new scanning cycle. The default cycle threshold is 2 milliseconds. Step 4 In the Age Out Suppression (seconds) text box, enter a value between 1 and 2 seconds. Age-out suppression sets the expiration time for pruning previously known 82.11b/g clients. The default value is 2 seconds. After this time elapses, clients become new and are subject to probe response suppression. Step 5 In the Age Out Dual Band (seconds) text box, enter a value between 1 and 3 seconds. The age-out period sets the expiration time for pruning previously known dual-band clients. The default value is 6 seconds. After this time elapses, clients become new and are subject to probe response suppression. Step 6 In the Acceptable Client RSSI (dbm) text box, enter a value between 2 and 9 dbm. This parameter sets the minimum RSSI for a client to respond to a probe. The default value is 8 dbm. Step 7 Click Apply to commit your changes. Step 8 Click Save Configuration to save your changes. Step 9 To enable or disable aggressive load balancing on specific WLANs, choose WLANs > WLAN ID. The WLANs > Edit page appears. Step 1 Click the Advanced tab (see Figure 4-22). Step 11 Click Save Configuration to save your changes. Using the CLI to Configure Band Selection To configure band selection using the controller CLI, follow these steps: Step 1 Set the probe cycle count for band select by entering this command: config band-select cycle-count cycle_count You can enter a value between 1 and 1 for the cycle_count parameter. Step 2 Set the time threshold for a new scanning cycle period by entering this command: config band-select cycle-threshold milliseconds You can enter a value for threshold between 1 and 1 for the milliseconds parameter. Step 3 Set the suppression expire to the band select by entering this command: config band-select expire suppression seconds You can enter a value for suppression between 1 to 2 for the seconds parameter. Step 4 Set the dual band expire by entering this command: config band-select expire dual-band seconds You can enter a value for dual band between 1 and 3 for the seconds parameter. Step 5 Set the client RSSI threshold by entering this command: config band-select client-rssi client_rssi You can enter a value for minimum dbm of a client RSSI to respond to a probe between 2 and 9 for the client_rssi parameter. Step 6 Save your changes by entering this command: save config Step 7 Enable or disable band selection on specific WLANs by entering this command: config wlan band-select allow {enable disable} wlan_id You can enter a value between 1 and 512 for wlan_id parameter. Step 8 Verify your settings by entering this command: show band-select Band Select Probe Response... Enabled Cycle Count... 3 cycles Cycle Threshold... 3 milliseconds Age Out Suppression... 2 seconds Age Out Dual Band... 2 seconds Client RSSI dbm Step 9 Save your changes by entering this command: save config Configuring Fast SSID Changing When fast SSID changing is enabled, the controller allows clients to move between SSIDs. When the client sends a new association for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID. When fast SSID changing is disabled, the controller enforces a delay before clients are allowed to move to a new SSID. Using the GUI to Configure Fast SSID Changing To configure fast SSID changing for mobile clients using the controller GUI, follow these steps: Step 1 Choose Controller to open the General page. Step 2 From the Fast SSID Change drop-down list, choose Enabled to enable this feature or Disabled to disable it. The default value is disabled. Step 3 Click Apply to commit your changes. 2/27/215 1:5 PM

22 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 4 Click Save Configuration to save your changes. Using the CLI to Configure Fast SSID Changing To configure fast SSID changing for mobile clients using the controller CLI, follow these steps: Step 1 Enable or disable fast SSID changing by entering this command: config network fast-ssid-change { enable disable } Step 2 Save your changes by entering this command: save config Enabling 82.3X Flow Control 82.3X Flow Control is disabled by default. To enable it, enter the config switchconfig flowcontrol enable command. Configuring 82.3 Bridging The controller supports 82.3 frames and the applications that use them, such as those typically used for cash registers and cash register servers. However, to make these applications work with the controller, the 82.3 frames must be bridged on the controller. Support for raw 82.3 frames allows the controller to bridge non-ip frames for applications not running over IP. Only this raw 82.3 frame format is currently supported: Destination Source Total packet Payload... MAC address MAC address length You can configure 82.3 bridging through the controller GUI in software release 4.1 or later releases and through the controller CLI in software release 4. or later releases. In controller software release 5.2 or later releases, the software-based forwarding architecture for 21-series-based controllers is being replaced with a new forwarding plane architecture. As a result, Cisco 21 Series Controller and the Cisco Wireless LAN Controller Network Module for Cisco Integrated Services Routers (as well as Cisco 55 Series Controllers) bridge 82.3 packets by default. Therefore, 82.3 bridging can now be disabled only on 44 series controllers, the Cisco WiSM, and the Catalyst 375G Wireless LAN Controller Switch. By default, Cisco 21 Series Controllers that run software release 5.2 or later releases and Cisco 55 Series Controllers bridge all non-ipv4 packets (such as AppleTalk, IPv6, and so on). If desired, you can use ACLs to block the bridging of these protocols. You can also configure 82.3 bridging using the Cisco Wireless Control System (WCS). See the Cisco Wireless Control System Configuration Guide for instructions. Using the GUI to Configure 82.3 Bridging To configure 82.3 bridging using the controller GUI, follow these steps: Step 1 Choose Controller > General to open the General page (see Figure 4-24). Figure 4-24 General Page Step 2 From the 82.3 Bridging drop-down list, choose Enabled to enable 82.3 bridging on your controller or Disabled to disable this feature. The default value is Disabled. In controller software release 5.2 or later releases, you can disable 82.3 bridging only for 44 series controllers, the Cisco WiSM, and the Catalyst 375G Wireless LAN Controller Switch. Step 3 Click Apply to commit your changes. Step 4 Click Save Configuration to save your changes. Using the CLI to Configure 82.3 Bridging To configure 82.3 bridging using the controller CLI, follow these steps: Step 1 See the current status of 82.3 bridging for all WLANs by entering this command: show network Step 2 Enable or disable 82.3 bridging globally on all WLANs by entering this command: config network 82.3-bridging {enable disable} The default value is disabled. In controller software release 5.2 or later releases, you can disable 82.3 bridging only for 44 series controllers, the Cisco WiSM, and the Catalyst 375G Wireless LAN Controller Switch. Step 3 Save your settings by entering this command: save config Configuring Multicast Mode If your network supports packet multicasting, you can configure the multicast method that the controller uses. The controller performs multicasting in two modes: Unicast mode In this mode, the controller unicasts every multicast packet to every access point associated to the controller. This mode is inefficient but might be required on networks that do not support multicasting. Multicast mode In this mode, the controller sends multicast packets to a CAPWAP multicast group. This method reduces overhead on the controller processor and shifts the work of packet replication to your network, which is much more efficient than the unicast method. You can enable multicast mode using the controller GUI or CLI. Understanding Multicast Mode When you enable multicast mode and the controller receives a multicast packet from the wired LAN, the controller encapsulates the packet using CAPWAP and forwards the packet to the CAPWAP multicast group address. The controller always uses the management interface for sending multicast packets. Access points in the multicast group receive the packet and forward it to all the BSSIDs mapped to the interface on which clients receive multicast traffic. From the access point perspective, the multicast appears to be a broadcast to all SSIDs. In controller software release 4.2 or later releases, Internet Group Management Protocol (IGMP) snooping is introduced to better direct multicast packets. When this feature is enabled, the controller gathers IGMP reports from the clients, processes them, creates unique multicast group IDs (MGIDs) from the IGMP reports after selecting the Layer 3 multicast address and the VLAN number, and sends the IGMP reports to the infrastructure switch. The controller sends these reports with the source address as the interface address on which it received the reports from the clients. The controller then updates the access point MGID table on the access point with the client MAC address. When the controller receives multicast traffic for a particular multicast group, it forwards it to all the access points, but only those access points that have active clients listening or subscribed to that multicast group send multicast traffic on that particular WLAN. IP packets are forwarded with an MGID that is unique for an ingress VLAN and the destination multicast group. Layer 2 multicast packets are forwarded with an MGID that is unique for the ingress interface. When IGMP snooping is disabled, the following is true: The controller always uses Layer 2 MGID when it sends multicast data to the access point. Every interface created is assigned one Layer 2 MGID. For example, the management interface has an MGID of, and the first dynamic interface 2/27/215 1:5 PM

23 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 created is assigned an MGID of 8, which increments as each dynamic interface is created. The IGMP packets from clients are forwarded to the router. As a result, the router IGMP table is updated with the IP address of the clients as the last reporter. When IGMP snooping is enabled, the following is true: The controller always uses Layer 3 MGID for all Layer 3 multicast traffic sent to the access point. For all Layer 2 multicast traffic, it continues to use Layer 2 MGID. IGMP report packets from wireless clients are consumed or absorbed by the controller, which generates a query for the clients. After the router sends the IGMP query, the controller sends the IGMP reports with its interface IP address as the listener IP address for the multicast group. As a result, the router IGMP table is updated with the controller IP address as the multicast listener. When the client that is listening to the multicast groups roams from one controller to another, the first controller transmits all the multicast group information for the listening client to the second controller. As a result, the second controller can immediately create the multicast group information for the client. The second controller sends the IGMP reports to the network for all multicast groups to which the client was listening. This process aids in the seamless transfer of multicast data to the client. If the listening client roams to a controller in a different subnet, the multicast packets are tunneled to the anchor controller of the client to avoid the reverse path filtering (RPF) check. The anchor then forwards the multicast packets to the infrastructure switch. If a 44 series WLC has LAG and IGMP snooping enabled, WLC port 1 must be active. WLC sourced IGMP queries (only applicable if WLC IGMP snooping is enabled) are sent out of only WLC port 1 when LAG is enabled. This restriction is not applicable if LAG is disabled and the Management and AP Manager interfaces are mapped to ports other than 1. This restriction is not applicable to other WLC platforms. The MGIDs are controller specific. The same multicast group packets coming from the same VLAN in two different controllers may be mapped to two different MGIDs. If Layer 2 multicast is enabled, a single MGID is assigned to all the multicast addresses coming from an interface (see Figure 4-26). Guidelines for Using Multicast Mode Follow these guidelines when you enable multicast mode on your network: The Cisco Unified Wireless Network solution uses some IP address ranges for specific purposes, and you should keep these ranges in mind when configuring a multicast group: through Reserved link local addresses through Globally scoped addresses through x.y /16Limited scope addresses When you enable multicast mode on the controller, you also must configure a CAPWAP multicast group address. Access points subscribe to the CAPWAP multicast group using IGMP. Cisco 11, 113, 12, 123, and 124 access points use IGMP versions 1, 2, and 3. Access points in monitor mode, sniffer mode, or rogue detector mode do not join the CAPWAP multicast group address. The CAPWAP multicast group configured on the controllers should be different for different controllers. Multicast mode does not operate across intersubnet mobility events such as guest tunneling. It does, however, operate with interface overrides using RADIUS (but only when IGMP snooping is enabled) and with site-specific VLANs (access point group VLANs). For LWAPP, the controller drops multicast packets sent to UDP control port For CAPWAP, the controller drops multicast packets sent to UDP control and data ports 5246 and 5247, respectively. Therefore, you may want to consider not using these port numbers with the multicast applications on your network. We recommend that any multicast applications on your network not use the multicast address configured as the CAPWAP multicast group address on the controller. Cisco 21 Series Controllers do not support multicast-unicast mode. They do, however, support multicast-multicast mode, except when access points are connected directly to the local port of a 21 series controller. Using the GUI to Enable Multicast Mode To enable multicast mode using the controller GUI, follow these steps: Step 1 Choose Controller > Multicast to open the Multicast page (see Figure 4-25). Figure 4-25 Multicast Page Step 2 Choose one of the following options from the Ethernet Multicast Mode drop-down list: Disabled Disables multicasting on the controller. This is the default value. Unicast Configures the controller to use the unicast method to send multicast packets. Multicast Configures the controller to use the multicast method to send multicast packets to a CAPWAP multicast group. Hybrid REAP supports unicast mode only. Step 3 If you chose Multicast in Choose one of the following options from the Ethernet Multicast Mode drop-down list:, enter the IP address of the multicast group in the Multicast Group Address text box. Step 4 If you want to enable IGMP snooping, select the Enable IGMP Snooping check box. If you want to disable IGMP snooping, leave the check box unselected. The default value is disabled. Step 5 To set the IGMP timeout, enter a value between 3 and 72 seconds in the IGMP Timeout text box. The controller sends three queries in one timeout value at an interval of timeout /3 to see if any clients exist for a particular multicast group. If the controller does not receive a response through an IGMP report from the client, the controller times out the client entry from the MGID table. When no clients are left for a particular multicast group, the controller waits for the IGMP timeout value to expire and then deletes the MGID entry from the controller. The controller always generates a general IGMP query (that is, to destination address ) and sends it on all WLANs with an MGID value of 1. Step 6 Click Apply to commit your changes. Step 7 Click Save Configuration to save your changes. Using the GUI to View Multicast Groups To view multicast groups using the controller GUI, follow these steps: Step 1 Choose Monitor > Multicast. The Multicast Groups page appears (see Figure 4-26). Figure 4-26 Multicast Groups Page This page shows all the multicast groups and their corresponding MGIDs. Step 2 Click the link for a specific MGID (such as MGID 55) to see a list of all the clients joined to the multicast group in that particular MGID. Using the CLI to Enable Multicast Mode To enable multicast mode using the controller CLI, follow these steps: Step 1 Enable or disable multicasting on the controller by entering this command: config network multicast global {enable disable} The default value is disabled. The config network broadcast {enable disable} command allows you to enable or disable broadcasting without enabling or disabling multicasting as well. This command uses the multicast mode currently on the controller to 2/27/215 1:5 PM

24 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 operate. Step 2 Perform one of the following: a. Configure the controller to use the unicast method to send multicast packets by entering this command: config network multicast mode unicast b. Configure the controller to use the multicast method to send multicast packets to a CAPWAP multicast group by entering this command: config network multicast mode multicast multicast_group_ip_address Step 3 Enable or disable IGMP snooping by entering this command: config network multicast igmp snooping { enable disable } The default value is disabled. Step 4 Set the IGMP timeout value by entering this command: config network multicast igmp timeout timeout You can enter a timeout value between 3 and 3 seconds. The controller sends three queries in one timeout value at an interval of timeout /3 to see if any clients exist for a particular multicast group. If the controller does not receive a response through an IGMP report from the client, the controller times out the client entry from the MGID table. When no clients are left for a particular multicast group, the controller waits for the IGMP timeout value to expire and then deletes the MGID entry from the controller. The controller always generates a general IGMP query (that is, to destination address ) and sends it on all WLANs with an MGID value of 1. Step 5 Save your changes by entering this command: save config Using the CLI to View Multicast Groups To view multicast groups using the controller CLI, use these commands: See all the multicast groups and their corresponding MGIDs by entering this command: show network multicast mgid summary Layer2 MGID Mapping: InterfaceName vlanid MGID management test 9 wired 2 8 Layer3 MGID Mapping: Number of Layer3 MGIDs... 1 Group address Vlan MGID See all the clients joined to the multicast group in a specific MGID by entering this command: show network multicast mgid detail mgid_value where the mgid_value parameter is a number between 55 and 495. Mgid... Multicast Group Address... Vlan... Rx Packet Count... No of clients... Client List... Client MAC Expire Time (mm:ss) :13:2:23:82:ad : Using the CLI to View an Access Point s Multicast Client Table To help troubleshoot roaming events, you can view an access point s multicast client table from the controller by performing a remote debug of the access point. To view an access point s multicast client table using the controller CLI, follow these steps: Step 1 Initiate a remote debug of the access point by entering this command: debug ap enable Cisco_AP Step 2 See all of the MGIDs on the access point and the number of clients per WLAN by entering this command: debug ap command show capwap mcast mgid all Cisco_AP Step 3 See all of the clients per MGID on the access point and the number of clients per WLAN by entering this command: debug ap command show capwap mcast mgid id mgid_value Cisco_AP Configuring Client Roaming The Cisco UWN Solution supports seamless client roaming across lightweight access points managed by the same controller, between controllers in the same mobility group on the same subnet, and across controllers in the same mobility group on different subnets. Also, in controller software release 4.1 or later releases, client roaming with multicast packets is supported. You can adjust the default RF settings (RSSI, hysteresis, scan threshold, and transition time) to fine-tune the operation of client roaming using the controller GUI or CLI. Intra-Controller Roaming Each controller supports same-controller client roaming across access points managed by the same controller. This roaming is transparent to the client as the session is sustained, and the client continues using the same DHCP-assigned or clientassigned IP address. The controller provides DHCP functionality with a relay function. Same-controller roaming is supported in single-controller deployments and in multiple-controller deployments. Inter-Controller Roaming Multiple-controller deployments support client roaming across access points managed by controllers in the same mobility group and on the same subnet. This roaming is also transparent to the client because the session is sustained and a tunnel between controllers allows the client to continue using the same DHCP- or client-assigned IP address as long as the session remains active. The tunnel is torn down, and the client must reauthenticate when the client sends a DHCP Discover with a... client IP address or a *.* client auto-ip address or when the operator-set session timeout is exceeded. Inter-Subnet Roaming Multiple-controller deployments support client roaming across access points managed by controllers in the same mobility group on different subnets. This roaming is transparent to the client because the session is sustained and a tunnel between the controllers allows the client to continue using the same DHCP-assigned or client-assigned IP address as long as the session remains active. The tunnel is torn down, and the client must reauthenticate when the client sends a DHCP Discover with a... client IP address or a *.* client auto-ip address or when the operator-set user timeout is exceeded. Voice-over-IP Telephone Roaming voice-over-ip (VoIP) telephones actively seek out associations with the strongest RF signal to ensure the best quality of service (QoS) and the maximum throughput. The minimum VoIP telephone requirement of 2-millisecond or shorter latency time for the roaming handover is easily met by the Cisco UWN Solution, which has an average handover latency of 5 or fewer milliseconds when open authentication is used. This short latency period is controlled by controllers rather than allowing independent access points to negotiate roaming handovers. The Cisco UWN Solution supports VoIP telephone roaming across lightweight access points managed by controllers on different subnets, as long as the controllers are in the same mobility group. This roaming is transparent to the VoIP telephone because the session is sustained and a tunnel between controllers allows the VoIP telephone to continue using the same DHCP-assigned IP address as long as the session remains active. The tunnel is torn down, and the VoIP client must reauthenticate when the VoIP telephone sends a DHCP Discover with a... VoIP telephone IP address or a *.* VoIP telephone auto-ip address or when the operator-set user timeout is exceeded. CCX Layer 2 Client Roaming The controller supports five CCX Layer 2 client roaming enhancements: Access point assisted roamingthis feature helps clients save scanning time. When a CCXv2 client associates to an access point, it sends an information packet to the new access point listing the characteristics of its previous access point. Roaming time decreases when the client recognizes and uses an access point list built by compiling all previous access points to which each client was associated and sent (unicast) to the client immediately after association. The access point list contains the channels, BSSIDs of neighbor access points that support the client s current SSID(s), and time elapsed since disassociation. Enhanced neighbor listthis feature focuses on improving a CCXv4 client s roam experience and network edge performance, especially when servicing voice applications. The access point provides its associated client information about its neighbors using a neighbor-list update unicast message. Enhanced neighbor list request (E2E)The End-2-End specification is a Cisco and Intel joint program that defines new protocols and interfaces to improve the overall voice and roaming experience. It applies only to Intel clients in a CCX environment. Specifically, it enables Intel clients to request a neighbor list at will. When this occurs, the access point forwards the request to the controller. The controller receives the request and replies with the current CCX roaming sublist of neighbors for the access point to which the client is associated. To see whether a particular client supports E2E, choose Wireless > Clients on the controller GUI, click the Detail link for the desired client, and look at the E2E Version text box under Client Properties. Roam reason reportthis feature enables CCXv4 clients to report the reason why they roamed to a new access point. It also allows network administrators to build and monitor a roam history. Directed roam requestthis feature enables the controller to send directed roam requests to the client in situations when the controller can better service the client on an access point different from the one to which it is associated. In this case, the controller sends the client a list of the best access points that it can join. The client can either honor or ignore the directed roam request. Non-CCX clients and clients running CCXv3 or below must not take any action. No configuration is required for this feature. Controller software release 4.2 or later releases support CCX versions 1 through 5. CCX support is enabled automatically for every WLAN on the controller and cannot be disabled. The controller stores the CCX version of the client in its client database and uses it to generate and respond to CCX frames appropriately. Clients must support CCXv4 or v5 (or CCXv2 for access point assisted roaming) in order to utilize these roaming enhancements. See the Configuring Cisco Client Extensions section for more information on CCX. The roaming enhancements mentioned above are enabled automatically, with the appropriate CCX support. 2/27/215 1:5 PM

25 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Hybrid-REAP access points in standalone mode do not support CCX Layer 2 roaming. Using the GUI to Configure CCX Client Roaming Parameters To configure CCX client roaming parameters using the controller GUI, follow these steps: Step 1 Choose Wireless > 82.11a/n (or 82.11b/g/n) > Client Roaming. The 82.11a (or 82.11b) > Client Roaming page appears (see Figure 4-27). Figure a > Client Roaming Page Step 2 If you want to fine-tune the RF parameters that affect client roaming, choose Custom from the Mode drop-down list and go to Step 3. If you want to leave the RF parameters at their default values, choose Default and go to Step 8. Step 3 In the Minimum RSSI text box, enter a value for the minimum received signal strength indicator (RSSI) required for the client to associate to an access point. If the client s average received signal power dips below this threshold, reliable communication is usually impossible. Therefore, clients must already have found and roamed to another access point with a stronger signal before the minimum RSSI value is reached. The range is -8 to -9 dbm. The default is -85 dbm. Step 4 In the Hysteresis text box, enter a value to indicate how much greater the signal strength of a neighboring access point must be in order for the client to roam to it. This parameter is intended to reduce the amount of roaming between access points if the client is physically located on or near the border between two access points. The range is 3 to 2dB. The default is 3 db. Step 5 In the Scan Threshold text box, enter the minimum RSSI that is allowed before the client should roam to a better access point. When the RSSI drops below the specified value, the client must be able to roam to a better access point within the specified transition time. This parameter also provides a power-save method to minimize the time that the client spends in active or passive scanning. For example, the client can scan slowly when the RSSI is above the threshold and scan more rapidly when the RSSI is below the threshold. The range is -7 to -77 dbm. The default is -72 dbm. Step 6 In the Transition Time text box, enter the maximum time allowed for the client to detect a suitable neighboring access point to roam to and to complete the roam, whenever the RSSI from the client s associated access point is below the scan threshold. The Scan Threshold and Transition Time parameters guarantee a minimum level of client roaming performance. Together with the highest expected client speed and roaming hysteresis, these parameters make it possible to design a wireless LAN network that supports roaming simply by ensuring a certain minimum overlap distance between access points. The range is 1 to 1 seconds. The default is 5 seconds. Step 7 Click Apply to commit your changes. Step 8 Click Save Configuration to save your changes. Step 9 Repeat this procedure if you want to configure client roaming for another radio band (82.11a or 82.11b/g). Using the CLI to Configure CCX Client Roaming Parameters Configure CCX Layer 2 client roaming parameters by entering this command: config {82.11a 82.11b} l2roam rf-params { default custom min_rssi roam_hyst scan_thresh trans_time} See the description, range, and default value of each RF parameter in the Using the GUI to Configure CCX Client Roaming Parameters section. Using the CLI to Obtain CCX Client Roaming Information To view information about CCX Layer 2 client roaming using the controller CLI, follow these steps: Step 1 View the current RF parameters configured for client roaming for the 82.11a or 82.11b/g network by entering this command: show {82.11a 82.11b} l2roam rf-param Step 2 View the CCX Layer 2 client roaming statistics for a particular access point by entering this command: show {82.11a 82.11b} l2roam statistics ap_mac This command provides the following information: The number of roam reason reports received The number of neighbor list requests received The number of neighbor list reports sent The number of broadcast neighbor updates sent Step 3 View the roaming history for a particular client by entering this command: show client roam-history client_mac This command provides the following information: The time when the report was received The MAC address of the access point to which the client is currently associated The MAC address of the access point to which the client was previously associated The channel of the access point to which the client was previously associated The SSID of the access point to which the client was previously associated The time when the client disassociated from the previous access point The reason for the client roam Using the CLI to Debug CCX Client Roaming Issues If you experience any problems with CCX Layer 2 client roaming, enter this command: debug l2roam [detail error packet all] { enable disable } Configuring IP-MAC Address Binding In controller software release 5.2 or later releases, the controller enforces strict IP address-to-mac address binding in client packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses that are registered with the controller, and forwards the packet only if they both match. In previous releases, the controller checks only the MAC address of the client and ignores the IP address. If the IP address or MAC address of the packet has been spoofed, the check does not pass, and the controller discards the packet. Spoofed packets can pass through the controller only if both the IP and MAC addresses are spoofed together and changed to that of another valid client on the same controller. To configure IP-MAC address binding using the controller CLI, follow these steps: Step 1 Enable or disable IP-MAC address binding by entering this command: config network ip-mac-binding { enable disable } The default value is enabled. You might want to disable this binding check if you have a routed network behind a workgroup bridge (WGB). You must disable this binding check in order to use an access point in sniffer mode if the access point is joined to a Cisco 55 Series Controller, a Cisco 21 Series Controller, or a controller network module that runs software release 6. or later releases. Step 2 Save your changes by entering this command: save config Step 3 View the status of IP-MAC address binding by entering this command: 2/27/215 1:5 PM

26 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 show network summary RF-Network Name... ctrl444 Web Mode... Disable Secure Web Mode... Enable Secure Web Mode Cipher-Option High... Disable Secure Web Mode Cipher-Option SSLv2... Enable... IP/MAC Addr Binding Check... Enabled... Configuring Quality of Service Quality of service (QoS) refers to the capability of a network to provide better service to selected network traffic over various technologies. The primary goal of QoS is to provide priority including dedicated bandwidth, controlled jitter and latency (required by some real-time and interactive traffic), and improved loss characteristics. The controller supports four QoS levels: Platinum/VoiceEnsures a high quality of service for voice over wireless. Gold/VideoSupports high-quality video applications. Silver/Best EffortSupports normal bandwidth for clients. This is the default setting. Bronze/BackgroundProvides the lowest bandwidth for guest services. VoIP clients should be set to Platinum. You can configure the bandwidth of each QoS level using QoS profiles and then apply the profiles to WLANs. The profile settings are pushed to the clients associated to that WLAN. In addition, you can create QoS roles to specify different bandwidth levels for regular and guest users. Follow the instructions in this section to configure QoS profiles and QoS roles. Configuring Quality of Service Profiles You can use the controller GUI or CLI to configure the Platinum, Gold, Silver, and Bronze QoS profiles. Using the GUI to Configure QoS Profiles To configure QoS profiles using the controller GUI, follow these steps: Step 1 Disable the 82.11a and 82.11b/g networks so that you can configure the QoS profiles. To disable the radio networks, choose Wireless > 82.11a/n or 82.11b/g/n > Network, unselect the 82.11a (or 82.11b/g) Network Status check box, and click Apply. Step 2 Choose Wireless > QoS > Profiles to open the QoS Profiles page. Step 3 Click the name of the profile that you want to configure to open the Edit QoS Profile page (see Figure 4-28). Figure 4-28 Edit QoS Profile Page Step 4 Change the description of the profile by modifying the contents of the Description text box. Step 5 Define the average data rate for TCP traffic per user by entering the rate in Kbps in the Average Data Rate text box. You can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the profile. Step 6 Define the peak data rate for TCP traffic per user by entering the rate in Kbps in the Burst Data Rate text box. You can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the profile. The Burst Data Rate should be greater than or equal to the Average Data Rate. Otherwise, the QoS policy may block traffic to and from the wireless client. Step 7 Define the average real-time rate for UDP traffic on a per-user basis by entering the rate in Kbps in the Average Real-Time Rate text box. You can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the profile. Step 8 Define the peak real-time rate for UDP traffic on a per-user basis by entering the rate in Kbps in the Burst Real-Time Rate text box. You can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the profile. The Burst Real-Time Rate should be greater than or equal to the Average Real-Time Rate. Otherwise, the QoS policy may block traffic to and from the wireless client. Step 9 In the Queue Depth text box, enter the maximum number of packets that access points keep in their queues. Any additional packets are dropped. Step 1 Choose 82.1p from the Protocol Type drop-down list and enter the maximum priority value in the 82.1p Tag text box to define the maximum value (7) for the priority tag associated with packets that fall within the profile. The tagged packets include CAPWAP data packets (between access points and the controller) and packets sent toward the core network. If a QoS profile has 82.1p tagging configured and if this QoS profile is assigned to a WLAN that uses an untagged interface on the controller, the client traffic will be blocked. Step 11 Click Apply to commit your changes. Step 12 Click Save Configuration to save your changes. Step 13 Reenable the 82.11a and 82.11b/g networks. To enable the radio networks, choose Wireless > 82.11a/n or 82.11b/g/n > Network, select the 82.11a (or 82.11b/g) Network Status check box, and click Apply. Step 14 Follow the instructions in the Assigning a QoS Profile to a WLAN section to assign a QoS profile to a WLAN. Using the CLI to Configure QoS Profiles To configure the Platinum, Gold, Silver, and Bronze QoS profiles using the controller CLI, follow these steps: Step 1 Disable the 82.11a and 82.11b/g networks so that you can configure the QoS profiles by entering these commands: config 82.11a disable network config 82.11b disable network Step 2 Change the profile description by entering this command: config qos description {bronze silver gold platinum} description Step 3 Define the average data rate in Kbps for TCP traffic per user by entering this command: config qos average-data-rate {bronze silver gold platinum} rate For the rate parameter, you can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the QoS profile. Step 4 Define the peak data rate in Kbps for TCP traffic per user by entering this command: config qos burst-data-rate {bronze silver gold platinum} rate 2/27/215 1:5 PM

27 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 5 Define the average real-time rate in Kbps for UDP traffic per user by entering this command: config qos average-realtime-rate {bronze silver gold platinum} rate Step 6 Define the peak real-time rate in Kbps for UDP traffic per user by entering this command: config qos burst-realtime-rate {bronze silver gold platinum} rate Step 7 Specify the maximum percentage of RF usage per access point by entering this command: config qos max-rf-usage {bronze silver gold platinum} usage_percentage Step 8 Define the maximum value (7) for the priority tag associated with packets that fall within the profile, by entering these commands: config qos protocol-type {bronze silver gold platinum} dot1p config qos dot1p-tag {bronze silver gold platinum} tag The tagged packets include CAPWAP data packets (between access points and the controller) and packets sent toward the core network. If a QoS profile has 82.1p tagging configured and if this QoS profile is assigned to a WLAN that uses an untagged interface on the controller, the client traffic will be blocked. Step 9 Reenable the 82.11a and 82.11b/g networks so that you can configure the QoS profiles by entering these commands: config 82.11a enable network config 82.11b enable network Step 1 Follow the instructions in the Assigning a QoS Profile to a WLAN section to assign a QoS profile to a WLAN. Configuring Quality of Service Roles After you configure a QoS profile and apply it to a WLAN, it limits the bandwidth level of clients associated to that WLAN. Multiple WLANs can be mapped to the same QoS profile, which can result in bandwidth contention between regular users (such as employees) and guest users. In order to prevent guest users from using the same level of bandwidth as regular users, you can create QoS roles with different (and presumably lower) bandwidth contracts and assign them to guest users. You can use the controller GUI or CLI to configure up to ten QoS roles for guest users. If you choose to create an entry on the RADIUS server for a guest user and enable RADIUS authentication for the WLAN on which web authentication is performed rather than adding a guest user to the local user database from the controller, you need to assign the QoS role on the RADIUS server itself. To do so, a guest-role Airespace attribute needs to be added on the RADIUS server with a datatype of string and a return value of 11. This attribute is sent to the controller when authentication occurs. If a role with the name returned from the RADIUS server is found configured on the controller, the bandwidth associated to that role is enforced for the guest user after authentication completes successfully. Using the GUI to Configure QoS Roles To configure QoS roles using the controller GUI, follow these steps: Guest User role is not supported on Cisco 216 Controller. Step 1 Choose Wireless > QoS > Roles to open the QoS Roles for Guest Users page (see Figure 4-29). Figure 4-29 QoS Roles for Guest Users Page This page shows any existing QoS roles for guest users. If you want to delete a QoS role, hover your cursor over the blue drop-down arrow for that role and choose Remove. Step 2 Click New to create a new QoS role. The QoS Role Name > New page appears. Step 3 In the Role Name text box, enter a name for the new QoS role. The name should uniquely identify the role of the QoS user (such as Contractor, Vendor, and so on). Step 4 Click Apply to commit your changes. Step 5 Click the name of the QoS role to edit the bandwidth of a QoS role. The Edit QoS Role Data Rates page appears (see Figure 4-3). Figure 4-3 Edit QoS Role Data Rates Page The values that you configure for the per-user bandwidth contracts affect only the amount of bandwidth going downstream (from the access point to the wireless client). They do not affect the bandwidth for upstream traffic (from the client to the access point). Step 6 Define the average data rate for TCP traffic on a per-user basis by entering the rate in Kbps in the Average Data Rate text box. You can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the QoS role. Step 7 Define the peak data rate for TCP traffic on a per-user basis by entering the rate in Kbps in the Burst Data Rate text box. You can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the QoS role. The Burst Data Rate should be greater than or equal to the Average Data Rate. Otherwise, the QoS policy may block traffic to and from the wireless client. Step 8 Define the average real-time rate for UDP traffic on a per-user basis by entering the rate in Kbps in the Average Real-Time Rate text box. You can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the QoS role. Step 9 Define the peak real-time rate for UDP traffic on a per-user basis by entering the rate in Kbps in the Burst Real-Time Rate text box. You can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the QoS role. The Burst Real-Time Rate should be greater than or equal to the Average Real-Time Rate. Otherwise, the QoS policy may block traffic to and from the wireless client. Step 1 Click Apply to commit your changes. Step 11 Click Save Configuration to save your changes. Step 12 Apply a QoS role to a guest user, by following the steps in the Using the GUI to Configure Local Network Users section. Using the CLI to Configure QoS Roles 2/27/215 1:5 PM

28 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 To configure QoS roles using the controller CLI, follow these steps: Step 1 Create a QoS role for a guest user by entering this command: config netuser guest-role create role_name If you want to delete a QoS role, enter this command: config netuser guest-role delete role_name Step 2 Configure the bandwidth contracts for a QoS role by entering these commands: config netuser guest-role qos data-rate average-data-rate role_name rate Configures the average data rate for TCP traffic on a per-user basis. config netuser guest-role qos data-rate burst-data-rate role_name rate Configures the peak data rate for TCP traffic on a per-user basis. The Burst Data Rate should be greater than or equal to the Average Data Rate. Otherwise, the QoS policy may block traffic to and from the wireless client. config netuser guest-role qos data-rate average-realtime-rate role_name rate Configures the average real-time rate for UDP traffic on a per-user basis. config netuser guest-role qos data-rate burst-realtime-rate role_name rate Configures the peak real-time rate for UDP traffic on a per-user basis. The Burst Real-Time Rate should be greater than or equal to the Average Real-Time Rate. Otherwise, the QoS policy may block traffic to and from the wireless client. For the role_name parameter in each of these commands, enter a name for the new QoS role. The name should uniquely identify the role of the QoS user (such as Contractor, Vendor, and so on). For the rate parameter, you can enter a value between and 6, Kbps (inclusive). A value of imposes no bandwidth restriction on the QoS role. Step 3 Apply a QoS role to a guest user by entering this command: config netuser guest-role apply username role_name For example, the role of Contractor could be applied to guest user jsmith. If you do not assign a QoS role to a guest user, the Role text box in the User Details shows the role as default. The bandwidth contracts for this user are defined in the QoS profile for the WLAN. If you want to unassign a QoS role from a guest user, enter the config netuser guest-role apply username default command. This user now uses the bandwidth contracts defined in the QoS profile for the WLAN. Step 4 Save your changes by entering this command: save config Step 5 See a list of the current QoS roles and their bandwidth parameters by entering this command: show netuser guest-roles Role Name... Contractor Average Data Rate... 1 Burst Data Rate... 1 Average Realtime Rate... 1 Burst Realtime Rate... 1 Role Name... Vendor Average Data Rate... unconfigured Burst Data Rate... unconfigured Average Realtime Rate... unconfigured Burst Realtime Rate... unconfigured Configuring Voice and Video Parameters Three parameters on the controller affect voice and/or video quality: Call admission control Expedited bandwidth requests Unscheduled automatic power save delivery Each of these parameters is supported in Cisco Compatible Extensions (CCX) v4 and v5. See the Configuring Cisco Client Extensions section for more information on CCX. CCX is not supported on the AP13. Traffic stream metrics (TSM) can be used to monitor and report issues with voice quality. Call Admission Control Call admission control (CAC) enables an access point to maintain controlled quality of service (QoS) when the wireless LAN is experiencing congestion. The Wi-Fi Multimedia (WMM) protocol deployed in CCXv3 ensures sufficient QoS as long as the wireless LAN is not congested. However, in order to maintain QoS under differing network loads, CAC in CCXv4 is required. Two types of CAC are available: bandwidth-based CAC and load-based CAC. Bandwidth-Based CAC Bandwidth-based, or static, CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new call and in turn enables the access point to determine whether it is capable of accommodating this particular call. The access point rejects the call if necessary in order to maintain the maximum allowed number of calls with acceptable quality. The QoS setting for a WLAN determines the level of bandwidth-based CAC support. To use bandwidth-based CAC with voice applications, the WLAN must be configured for Platinum QoS. To use bandwidth-based CAC with video applications, the WLAN must be configured for Gold QoS. Also, make sure that WMM is enabled for the WLAN. See the Configuring 82.3 Bridging section for QoS and WMM configuration instructions. You must enable admission control (ACM) for CCXv4 clients that have WMM enabled. Otherwise, bandwidth-based CAC does not operate properly. Load-Based CAC Load-based CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types (including that from clients), co-channel access point loads, and collocated channel interference, for voice applications. Load-based CAC also covers the additional bandwidth consumption resulting from PHY and channel impairment. In load-based CAC, the access point continuously measures and updates the utilization of the RF channel (that is, the percentage of bandwidth that has been exhausted), channel interference, and the additional calls that the access point can admit. The access point admits a new call only if the channel has enough unused bandwidth to support that call. By doing so, load-based CAC prevents oversubscription of the channel and maintains QoS under all conditions of WLAN loading and interference. Load-based CAC is supported only on lightweight access points. If you disable load-based CAC, the access points start using bandwidth-based CAC. Expedited Bandwidth Requests The expedited bandwidth request feature enables CCXv5 clients to indicate the urgency of a WMM traffic specifications (TSPEC) request (for example, an e911 call) to the WLAN. When the controller receives this request, it attempts to facilitate the urgency of the call in any way possible without potentially altering the quality of other TSPEC calls that are in progress. You can apply expedited bandwidth requests to both bandwidth-based and load-based CAC. Expedited bandwidth requests are disabled by default. When this feature is disabled, the controller ignores all expedited requests and processes TSPEC requests as normal TSPEC requests. See Table 4-3 for examples of TSPEC request handling for normal TSPEC requests and expedited bandwidth requests. Table 4-3 TSPEC Request Handling Examples CAC Mode Reserved bandwidth for voice calls Bandwidth-based CAC 75% (default setting) Load-based CAC 1 2 Normal TSPEC Request TSPEC with Expedited Bandwidth Request Less than 75% Admitted Admitted Between 75% and 9% (reserved bandwidth for voice calls exhausted) Rejected Admitted More than 9% Rejected Rejected Less than 75% Admitted Admitted Between 75% and 85% (reserved bandwidth for voice calls exhausted) Rejected Admitted More than 85% Rejected Rejected Usage 1.For bandwidth-based CAC, the voice call bandwidth usage is per access point and does not take into account co-channel access points. For load-based CAC, the voice call bandwidth usage is measured for the entire channel. 2.Bandwidth-based CAC (consumed voice and video bandwidth) or load-based CAC (channel utilization [Pb]). Controller software release 6. or later releases support admission control for TSPEC g711-4ms codec type. 2/27/215 1:5 PM

29 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 When video ACM is enabled, the controller rejects a video TSPEC if the Non-MSDU size in the TSPEC is greater than 149 or the mean data rate is greater than 1 Kbps. U-APSD Unscheduled automatic power save delivery (U-APSD) is a QoS facility defined in IEEE 82.11e that extends the battery life of mobile clients. In addition to extending battery life, this feature reduces the latency of traffic flow delivered over the wireless media. Because U-APSD does not require the client to poll each individual packet buffered at the access point, it allows delivery of multiple downlink packets by sending a single uplink trigger packet. U-APSD is enabled automatically when WMM is enabled. Traffic Stream Metrics In a voice-over-wireless LAN (VoWLAN) deployment, traffic stream metrics (TSM) can be used to monitor voice-related metrics on the client-access point air interface. It reports both packet latency and packet loss. You can isolate poor voice quality issues by studying these reports. The metrics consist of a collection of uplink (client side) and downlink (access point side) statistics between an access point and a client device that supports CCX v4 or later releases. If the client is not CCX v4 or CCXv5 compliant, only downlink statistics are captured. The client and access point measure these metrics. The access point also collects the measurements every 5 seconds, prepares 9-second reports, and then sends the reports to the controller. The controller organizes the uplink measurements on a client basis and the downlink measurements on an access point basis and maintains an hour s worth of historical data. To store this data, the controller requires 32 MB of additional memory for uplink metrics and 4.8 MB for downlink metrics. TSM can be configured through either the GUI or the CLI on a per radio-band basis (for example, all 82.11a radios). The controller saves the configuration in flash memory so that it persists across reboots. After an access point receives the configuration from the controller, it enables TSM on the specified radio band. Access points support TSM in both local and hybrid-reap modes. Using the GUI to Configure Voice Parameters To configure voice parameters using the controller GUI, follow these steps: SIPs are available only on the Cisco 44 Series and Cisco 55 Series Controllers, and on the 124, 113, and 11n access points. Step 1 Make sure that the WLAN is configured for WMM and the Platinum QoS level. Step 2 Disable all WLANs with WMM enabled and click Apply. Step 3 Choose Wireless and then Network under 82.11a/n or 82.11b/g/n, unselect the 82.11a (or 82.11b/g) Network Status check box, and click Apply to disable the radio network. Step 4 Choose Wireless > 82.11a/n or 82.11b/g/n > Media. The 82.11a (or 82.11b) > Media page appears (see Figure 4-31). The Voice tab is displayed by default. Figure a/n > Voice Parameters Page Step 5 Select the Admission Control (ACM) check box to enable bandwidth-based CAC for this radio band. The default value is disabled. Step 6 Select both the Admission Control (ACM) check box and the Load-based AC check box to enable load-based CAC for this radio band. The default value for both check boxes is disabled. Step 7 In the Max RF Bandwidth text box, enter the percentage of the maximum bandwidth allocated to clients for voice applications on this radio band. Once the client reaches the value specified, the access point rejects new calls on this radio band. The range is 5 to 85%. The sum of max bandwidth% of voice and video should not exceed 85%. The default is 75%. Step 8 In the Reserved Roaming Bandwidth text box, enter the percentage of maximum allocated bandwidth that is reserved for roaming voice clients. The controller reserves this bandwidth from the maximum allocated bandwidth for roaming voice clients. The range is to 25%. The default is 6%. Step 9 To enable expedited bandwidth requests, select the Expedited Bandwidth check box. By default, this text box is disabled. Step 1 From the SIP Codec drop-down list, choose one of the following options to set the codec name. The default value is G.711. The options are as follows: User Defined G.711 G.729 Step 11 In the SIP Bandwidth (kbps) text box, enter the bandwidth in kilo bits per second. The possible range is 8 to 64. The default value is 64. The SIP Bandwidth (kbps) text box is highlighted only when you select the SIP codec as User-Defined. If you choose the SIP codec as G.711, the SIP Bandwidth (kbps) text box is set to 64. If you choose the SIP codec as G.729, the SIP Bandwidth (kbps) text box is set to 8. Step 12 In the SIP Voice Sample Interval (msecs) text box, enter the value for the sample interval. Step 13 In the Maximum Calls text box, enter the maximum number of calls that can be made to this radio. The maximum call limit includes both direct and roaming-in calls. If the maximum call limit is reached, new or roaming-in calls will fail. The possible range is to 25. The default value is, which indicates that there is no check for maximum call limit. Step 14 Select the Metrics Collection check box to collect Traffic Stream Metrics. By default, the box is unselected. That is, the traffic stream metrics is not collected by default. Step 15 Click Apply to commit your changes. Step 16 Reenable all WMM WLANs and click Apply. Step 17 Choose Network under 82.11a/n or 82.11b/g/n, select the 82.11a (or 82.11b/g) Network Status check box, and click Apply to reenable the radio network. Step 18 Click Save Configuration to save your changes. Step 19 Repeat this procedure if you want to configure voice parameters for another radio band (82.11a or 82.11b/g). Using the GUI to Configure Video Parameters To configure video parameters using the controller GUI, follow these steps: Step 1 Make sure that the WLAN is configured for WMM and the Gold QoS level. Step 2 Disable all WLANs with WMM enabled and click Apply. Step 3 Choose Wireless and then Network under 82.11a/n or 82.11b/g/n, unselect the 82.11a (or 82.11b/g) Network Status check box, and click Apply to disable the radio network. Step 4 Choose Wireless > 82.11a/n or 82.11b/g/n > Media. The 82.11a (or 82.11b) > Media page appears (see Figure 4-32). Figure a > Video Parameters Page 2/27/215 1:5 PM

30 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt... 3 of 45 Step 5 Choose the Video tab to configure the CAC for Video parameters. Step 6 Select the Admission Control (ACM) check box to enable video CAC for this radio band. The default value is disabled. Step 7 In the Max RF Bandwidth text box, enter the percentage of the maximum bandwidth allocated to clients for video applications on this radio band. Once the client reaches the value specified, the access point rejects new requests on this radio band. The range is 5 to 85%. The sum of maximum bandwidth% of voice and video should not exceed 85%. The default is %. Step 8 Click Apply to commit your changes. Step 9 Reenable all WMM WLANs and click Apply. Step 1 Choose Network under 82.11a/n or 82.11b/g/n, select the 82.11a (or 82.11b/g) Network Status check box, and click Apply to reenable the radio network. Step 11 Click Save Configuration to save your changes. Step 12 Repeat this procedure if you want to configure video parameters for another radio band (82.11a or 82.11b/g). Using the GUI to View Voice and Video Settings To view voice and video settings using the controller GUI, follow these steps: Step 1 Choose Monitor > Clients to open the Clients page (see Figure 4-33). Figure 4-33 Clients Page Step 2 Click the MAC address of the desired client to open the Clients > Detail page (see Figure 4-34). Figure 4-34 Clients > Detail Page 2/27/215 1:5 PM

31 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 This page shows the U-APSD status (if enabled) for this client under Quality of Service Properties. Step 3 Click Back to return to the Clients page. Step 4 See the TSM statistics for a particular client and the access point to which this client is associated as follows: a. Hover your cursor over the blue drop-down arrow for the desired client and choose 82.11aTSM or 82.11b/g TSM. The Clients > AP page appears (see Figure 4-35). Figure 4-35 Clients > AP Page b. Click the Detail link for the desired access point to open the Clients > AP > Traffic Stream Metrics page (see Figure 4-36). Figure 4-36 Clients > AP > Traffic Stream Metrics Page 2/27/215 1:5 PM

32 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 This page shows the TSM statistics for this client and the access point to which it is associated. The statistics are shown in 9-second intervals. The timestamp text box shows the specific interval when the statistics were collected. Step 5 See the TSM statistics for a particular access point and a particular client associated to this access point, as follows: a. Choose Wireless > Access Points > Radios > 82.11a/n or 82.11b/g/n. The 82.11a/n Radios or 82.11b/g/n Radios page appears (see Figure 4-37). Figure a/n Radios Page b. Hover your cursor over the blue drop-down arrow for the desired access point and choose 82.11aTSM or 82.11b/g TSM. The AP > Clients page appears (see Figure 4-38). Figure 4-38 AP > Clients Page c. Click the Detail link for the desired client to open the AP > Clients > Traffic Stream Metrics page (see Figure 4-39). Figure 4-39 AP > Clients > Traffic Stream Metrics Page 2/27/215 1:5 PM

33 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 This page shows the TSM statistics for this access point and a client associated to it. The statistics are shown in 9-second intervals. The timestamp text box shows the specific interval when the statistics were collected. Using the GUI to Configure Media Parameters To configure Media parameters using the controller GUI, follow these steps: Step 1 Make sure that the WLAN is configured for WMM and the Gold QoS level. Step 2 Disable all WLANs with WMM enabled and click Apply. Step 3 Choose Wireless and then Network under 82.11a/n or 82.11b/g/n, unselect the 82.11a (or 82.11b/g) Network Status check box, and click Apply to disable the radio network. Step 4 Choose Wireless > 82.11a/n or 82.11b/g/n > Media. The 82.11a (or 82.11b) > Media > Parameters page appears (see Figure 4-4). Figure a > Media Parameters Page Step 5 Choose the Media tab to open the Media page. Step 6 Select the Unicast Video Redirect check box to enable Unicast Video Redirect. The default value is disabled. Step 7 In the Maximum Media Bandwidth (-85%) text box, enter the percentage of the maximum bandwidth to be allocated for media applications on this radio band. Once the client reaches the specified value, the access point rejects new calls on this radio band. The default value is 85%; valid values are from to 85%. Step 8 In the Client Phy Rate text box, enter the value for the rate in kilobits per second at which the client operates. Step 9 In the Maximum Retry Percent (-1%) text box, enter the percentage of the maximum retry. The default value is 8. Step 1 Select the Multicast Direct Enable check box to enable the Multicast Direct Enable text box. The default value is enabled. Step 11 From the Multicast Direct Max Number of Streams drop-down list, choose the maximum number of allowed multicast direct streams per radio. The range is to 2 and auto. The default value is set to auto. Step 12 If you want to enable the best radio queue for this radio, select the Best Effort QoS Admission check box. The default value is disabled. Using the CLI to Configure SIP Based CAC To configure the SIP based CAC using the controller CLI, follow these steps: Step 1 Set the voice to the platinum QoS level by entering this command: config wlan qos wlan-id Platinum Step 2 Enable the call-snooping feature for a particular WLAN by entering this command: config wlan call-snoop enable wlan-id Step 3 Enable the ACM to this radio by entering this command: config {82.11a 82.11b} cac {voice video} acm enable Using the CLI to Configure Voice Parameters Make sure that you perform the Using the CLI to Configure SIP Based CAC before you do this procedure. To configure voice parameters using the controller CLI, follow these steps: Step 1 See all of the WLANs configured on the controller by entering this command: 2/27/215 1:5 PM

34 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 show wlan summary Step 2 Make sure that the WLAN that you are planning to modify is configured for WMM and the QoS level is set to Platinum by entering this command: show wlan wlan_id Step 3 Disable all WLANs with WMM enabled prior to changing the voice parameters by entering command: config wlan disable wlan_id Step 4 Disable the radio network by entering this command: config {82.11a 82.11b} disable network Step 5 Save your settings by entering this command: save config Step 6 Enable or disable bandwidth-based voice CAC for the 82.11a or 82.11b/g network by entering this command: config {82.11a 82.11b} cac voice acm {enable disable} Step 7 Set the percentage of maximum bandwidth allocated to clients for voice applications on the 82.11a or 82.11b/g network by entering this command: config {82.11a 82.11b} cac voice max-bandwidth bandwidth The bandwidth range is 5 to 85%, and the default value is 75%. Once the client reaches the value specified, the access point rejects new calls on this network. Step 8 Set the percentage of maximum allocated bandwidth reserved for roaming voice clients by entering this command: config {82.11a 82.11b} cac voice roam-bandwidth bandwidth The bandwidth range is to 25%, and the default value is 6%. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming voice clients. Step 9 Configure the codec name and sample interval as parameters and to calculate the required bandwidth per call by entering this command: config {82.11a 82.11b} cac voice sip codec {g711 g729} sample-interval number_msecs Step 1 Configure the bandwidth that is required per call by entering this command: config {82.11a 82.11b} cac voice sip bandwidth bandwidth_kbps sample-interval number_msecs Step 11 Reenable all WLANs with WMM enabled by entering this command: config wlan enable wlan_id Step 12 Reenable the radio network by entering this command: config {82.11a 82.11b} enable network Step 13 Save your changes by entering this command: save config Using the CLI to Configure Video Parameters Make sure that theusing the CLI to Configure SIP Based CAC are met. To configure video parameters using the controller CLI, follow these steps: Step 1 See all of the WLANs configured on the controller by entering this command: show wlan summary Step 2 Make sure that the WLAN that you are planning to modify is configured for WMM and the QoS level is set to Gold by entering this command: show wlan wlan_id Step 3 Disable all WLANs with WMM enabled prior to changing the video parameters by entering this command: config wlan disable wlan_id Step 4 Disable the radio network by entering this command: config {82.11a 82.11b} disable network Step 5 Save your settings by entering this command: save config Step 6 Enable or disable video CAC for the 82.11a or 82.11b/g network by entering this command: config {82.11a 82.11b} cac video acm {enable disable} Step 7 Set the percentage of maximum bandwidth allocated to clients for video applications on the 82.11a or 82.11b/g network by entering this command: config {82.11a 82.11b} cac video max-bandwidth bandwidth The bandwidth range is 5 to 85%, and the default value is 5%. However, the maximum RF bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network. If this parameter is set to zero (), the controller assumes that you do not want to do any bandwidth allocation and, therefore, allows all bandwidth requests. Step 8 Process or ignore the TSPEC inactivity timeout received from an access point by entering this command: config {82.11a 82.11b} cac video tspec-inactivity-timeout {enable ignore} Step 9 Reenable all WLANs with WMM enabled by entering this command: config wlan enable wlan_id Step 1 Reenable the radio network by entering this command: config {82.11a 82.11b} enable network Step 11 Save your settings by entering this command: save config Using the CLI to View Voice and Video Settings To view voice and video settings using the controller CLI, follow these steps: Step 1 See the CAC configuration for the 82.11a or 82.11b/g network by entering this command: show {82.11a show 82.11b} Step 2 See the CAC statistics for a particular access point by entering this command: show ap stats {82.11a 82.11b} ap_name Call Admission Control (CAC) Stats Voice Bandwidth in use(% of config bw)... Total channel MT free... Total voice MT free... Na Direct... Na Roam... Video Bandwidth in use(% of config bw)... Total num of voice calls in progress... Num of roaming voice calls in progress... Total Num of voice calls since AP joined... Total Num of roaming calls since AP joined... Total Num of exp bw requests received... Total Num of exp bw requests admitted... Num Num Num Num Num Num of of of of of of 5 2 voice calls rejected since AP joined... roam calls rejected since AP joined... calls rejected due to insufficient bw... calls rejected due to invalid params... calls rejected due to PHY rate... calls rejected due to QoS policy... In the example above, MT is medium time, Na is the number of additional calls, and exp bw is expedited bandwidth. Suppose an AP has to be rebooted when a voice client associated with the AP is on an active call. After the AP is rebooted, the client continues to maintain the call, and during the time the AP is down, the database is not refreshed by the controller. Therefore, we recommend that all active calls are ended before the AP is taken down. Step 3 See the U-APSD status for a particular client by entering this command: show client detail client_mac Step 4 See the TSM statistics for a particular client and the access point to which this client is associated by entering this command: show client tsm {82.11a 82.11b} client_mac {ap_mac all} The optional all command shows all access points to which this client has associated. 2/27/215 1:5 PM

35 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Client Interface Mac: :1:2:3:4:5 Measurement Duration: 9 seconds Timestamp 1st Jan 26, 6:35:8 UpLink Stats ================ Average Delay (5sec intervals)...35 Delay less than 1 ms...2 Delay bet 1-2 ms...2 Delay bet 2-4 ms...2 Delay greater than 4 ms...2 Total packet Count...8 Total packet lost count (5sec)...1 Maximum Lost Packet count(5sec)...5 Average Lost Packet count(5secs)...2 DownLink Stats ================ Average Delay (5sec intervals)...35 Delay less than 1 ms...2 Delay bet 1-2 ms...2 Delay bet 2-4 ms...2 Delay greater than 4 ms...2 Total packet Count...8 Total packet lost count (5sec)...1 Maximum Lost Packet count(5sec)...5 Average Lost Packet count(5secs)...2 The statistics are shown in 9-second intervals. The timestamp text box shows the specific interval when the statistics were collected. To clear the TSM statistics for a particular access point or all the access points to which this client is associated, enter the clear client tsm {82.11a 82.11b} client_mac {ap_mac all} command. Step 5 See the TSM statistics for a particular access point and a particular client associated to this access point by entering this command: show ap stats {82.11a 82.11b} ap_name tsm {client_mac all} The optional all command shows all clients associated to this access point. AP Interface Mac: :b:85:1:2:3 Client Interface Mac: :1:2:3:4:5 Measurement Duration: 9 seconds Timestamp 1st Jan 26, 6:35:8 UpLink Stats ================ Average Delay (5sec intervals)...35 Delay less than 1 ms...2 Delay bet 1-2 ms...2 Delay bet 2-4 ms...2 Delay greater than 4 ms...2 Total packet Count...8 Total packet lost count (5sec)...1 Maximum Lost Packet count(5sec)...5 Average Lost Packet count(5secs)...2 DownLink Stats ================ Average Delay (5sec intervals)...35 Delay less than 1 ms...2 Delay bet 1-2 ms...2 Delay bet 2-4 ms...2 Delay greater than 4 ms...2 Total packet Count...8 Total packet lost count (5sec)...1 Maximum Lost Packet count(5sec)...5 Average Lost Packet count(5secs)...2 The statistics are shown in 9-second intervals. The timestamp text box shows the specific interval when the statistics were collected. Step 6 Enable or disable debugging for call admission control (CAC) messages, events, or packets by entering this command: debug cac { all event packet }{ enable disable } where all configures debugging for all CAC messages, event configures debugging for all CAC events, and packet configures debugging for all CAC packets. Configuring EDCA Parameters Enhanced distributed channel access (EDCA) parameters are designed to provide preferential wireless channel access for voice, video, and other quality-of-service (QoS) traffic. Follow the instructions in this section to configure EDCA parameters using the controller GUI or CLI. Using the GUI to Configure EDCA Parameters To configure EDCA parameters using the controller GUI, follow these steps: Step 1 Choose Wireless and then Network under 82.11a/n or 82.11b/g/n, unselect the 82.11a (or 82.11b/g) Network Status check box, and click Apply to disable the radio network. Step 2 Choose EDCA Parameters under 82.11a/n or 82.11b/g/n. The 82.11a (or 82.11b/g) > EDCA Parameters page appears (see Figure 4-41). Figure a > EDCA Parameters Page Step 3 Choose one of the following options from the EDCA Profile drop-down list: WMM Enables the Wi-Fi Multimedia (WMM) default parameters. This is the default value. Choose this option when voice or video services are not deployed on your network. Spectralink Voice Priority Enables SpectraLink voice priority parameters. Choose this option if SpectraLink phones are deployed on your network to improve the quality of calls. Voice Optimized Enables EDCA voice-optimized profile parameters. Choose this option when voice services other than SpectraLink are deployed on your network. Voice & Video Optimized Enables EDCA voice- and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network. If you deploy video services, admission control (ACM) must be disabled. Step 4 If you want to enable MAC optimization for voice, select the Enable Low Latency MAC check box. Otherwise, leave this check box unselected, which is the default value. This feature enhances voice performance by controlling packet retransmits and appropriately aging out voice packets on lightweight access points, which improves the number of voice calls serviced per access point. We do not recommend you to enable low latency MAC. You should enable low latency MAC only if the WLAN allows WMM clients. If WMM is enabled, then low latency MAC can be used with any of the EDCA profiles. See the Configuring QoS Enhanced BSS section for instructions on enabling WMM. 2/27/215 1:5 PM

36 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 5 Click Apply to commit your changes. Step 6 To reenable the radio network, choose Network under 82.11a/n or 82.11b/g/n, select the 82.11a (or 82.11b/g) Network Status check box, and click Apply. Step 7 Click Save Configuration to save your changes. Using the CLI to Configure EDCA Parameters To configure EDCA parameters using the controller CLI, follow these steps: Step 1 Disable the radio network by entering this command: config {82.11a 82.11b} disable network Step 2 Save your settings by entering this command: save config Step 3 Enable a specific EDCA profile by entering this command: config advanced {82.11a 82.11b } edca-parameters? where? is one of the following: wmm-defaultenables the Wi-Fi Multimedia (WMM) default parameters. This is the default value. Choose this option when voice or video services are not deployed on your network. svp-voiceenables SpectraLink voice priority parameters. Choose this option if SpectraLink phones are deployed on your network to improve the quality of calls. optimized-voiceenables EDCA voice-optimized profile parameters. Choose this option when voice services other than SpectraLink are deployed on your network. optimized-video-voiceenables EDCA voice- and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network. If you deploy video services, admission control (ACM) must be disabled. Step 4 View the current status of MAC optimization for voice by entering this command: show { 82.11a 82.11b } Voice-mac-optimization...Disabled Step 5 Enable or disable MAC optimization for voice by entering this command: config advanced { 82.11a 82.11b } voice-mac-optimization { enable disable } This feature enhances voice performance by controlling packet retransmits and appropriately aging out voice packets on lightweight access points, which improves the number of voice calls serviced per access point. The default value is disabled. Step 6 Reenable the radio network by entering this command: config {82.11a 82.11b} enable network Step 7 Save your settings by entering this command: save config Configuring Cisco Discovery Protocol The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs on all Cisco-manufactured equipment. A device enabled with CDP sends out periodic interface updates to a multicast address in order to make itself known to neighboring devices. The default value for the frequency of periodic transmissions is 6 seconds, and the default advertised time-to-live value is 18 seconds. The second and latest version of the protocol, CDPv2, introduces new time-length-values (TLVs) and provides a reporting mechanism that allows for more rapid error tracking, which reduces downtime. CDPv1 and CDPv2 are supported on the following devices: Cisco 55, 44, and 21 Series Controllers CDP is not supported on the controllers that are integrated into Cisco switches and routers, including those in the Catalyst 375G Integrated Wireless LAN Controller Switch, the Cisco WiSM, and the Cisco 28/37/38xx Series Integrated Services Router. However, you can use the show ap cdp neighbors detail {Cisco_AP all} command on these controllers in order to see the list of CDP neighbors for the access points that are connected to the controller. CAPWAP-enabled access points An access point connected directly to a Cisco 55, 44, or 21 Series Controller For Intelligent Power Management to work as expected, ensure that CDPv2 is enabled on the 25 series WLCs. This support enables network management applications to discover Cisco devices. These TLVs are supported by both the controller and the access point: Device-ID TLV: x1the host name of the controller, the access point, or the CDP neighbor. Address TLV: x2the IP address of the controller, the access point, or the CDP neighbor. Port-ID TLV: x3the name of the interface on which CDP packets are sent out. Capabilities TLV: x4the capabilities of the device. The controller sends out this TLV with a value of Host: x1, and the access point sends out this TLV with a value of Transparent Bridge: x2. Version TLV: x5the software version of the controller, the access point, or the CDP neighbor. Platform TLV: x6the hardware platform of the controller, the access point, or the CDP neighbor. These TLVs are supported only by the access point: Full/Half Duplex TLV: xbthe full- or half-duplex mode of the Ethernet link on which CDP packets are sent out. This TLV is not supported on access points that are connected directly to a 55, 44, or 21 series controller. Power Consumption TLV: x1the maximum amount of power consumed by the access point. This TLV is not supported on access points that are connected directly to a 55, 44, or 21 series controller. You can configure CDP and view CDP information using the GUI in controller software release 4.1 or later or the CLI in controller software release 4. or later releases. Figure 4-42 shows a sample network that you can use as a reference when performing the procedures in this section. Changing the CDP configuration on the controller does not change the CDP configuration on the access points that are connected to the controller. You must enable and disable CDP separately for each access point. Figure 4-42 Sample Network Illustrating CDP Using the GUI to Configure Cisco Discovery Protocol To configure CDP using the controller GUI, follow these steps: Step 1 Choose Controller > CDP > Global Configuration to open the CDP > Global Configuration page (see Figure 4-43). Figure 4-43 CDP > Global Configuration Page 2/27/215 1:5 PM

37 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Step 2 Select the CDP Protocol Status check box to enable CDP on the controller or unselect it to disable this feature. The default value is selected. Enabling or disabling this feature is applicable to all controller ports. Step 3 From the CDP Advertisement Version drop-down list, choose v1 or v2 to specify the highest CDP version supported on the controller. The default value is v1. Step 4 In the Refresh-time Interval text box, enter the interval at which CDP messages are to be generated. The range is 5 to 254 seconds, and the default value is 6 seconds. Step 5 In the Holdtime text box, enter the amount of time to be advertised as the time-to-live value in generated CDP packets. The range is 1 to 255 seconds, and the default value is 18 seconds. Step 6 Click Apply to commit your changes. Step 7 Click Save Configuration to save your changes. Step 8 Perform one of the following: To enable or disable CDP on a specific access point, follow these steps: Choose Wireless > Access Points > All APs to open the All APs page. 1. Click the link for the desired access point. 2. Choose the Advanced tab to open the All APs > Details for (Advanced) page (see Figure 4-44). Figure 4-44 All APs > Details for (Advanced) Page 1. Select the Cisco Discovery Protocol check box to enable CDP on this access point or unselect it to disable this feature. The default value is enabled. If CDP is disabled in Step 2, a message indicating that the Controller CDP is disabled appears. 1. Click Apply to commit your changes. To enable or disable CDP on all access points currently associated to the controller, follow these steps: Choose Wireless > Access Points > Global Configuration to open the Global Configuration page. 1. Select the CDP State check box to enable CDP on all access points associated to the controller or unselect it to disable CDP on all access points. The default value is selected. 2. Click Apply to commit your changes. Step 9 Click Save Configuration to save your changes. Using the GUI to View Cisco Discovery Protocol Information To view CDP information using the controller GUI, follow these steps: Step 1 Choose Monitor > CDP > Interface Neighbors to open the CDP > Interface Neighbors page appears (see Figure 4-45). Figure 4-45 CDP > Interface Neighbors Page This page shows the following information: The controller port on which the CDP packets were received The name of each CDP neighbor The IP address of each CDP neighbor The port used by each CDP neighbor for transmitting CDP packets The time left (in seconds) before each CDP neighbor entry expires The functional capability of each CDP neighbor, defined as follows: R - Router, T - Trans Bridge, B - Source Route Bridge, S - Switch, H - Host, I - IGMP, r - Repeater, or M - Remotely Managed Device The hardware platform of each CDP neighbor device Step 2 Click the name of the desired interface neighbor to see more detailed information about each interface s CDP neighbor. The CDP > Interface Neighbors > Detail page appears (see Figure 4-46). 2/27/215 1:5 PM

38 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 Figure 4-46 CDP > Interface Neighbors > Detail Page This page shows the following information: The controller port on which the CDP packets were received The name of the CDP neighbor The IP address of the CDP neighbor The port used by the CDP neighbor for transmitting CDP packets The CDP version being advertised (v1 or v2) The time left (in seconds) before the CDP neighbor entry expires The functional capability of the CDP neighbor, defined as follows: Router, Trans Bridge, Source Route Bridge, Switch, Host, IGMP, Repeater, or Remotely Managed Device The hardware platform of the CDP neighbor device The software running on the CDP neighbor Step 3 Choose AP Neighbors to see a list of CDP neighbors for all access points connected to the controller. The CDP AP Neighbors page appears (see Figure 4-47). Figure 4-47 CDP AP Neighbors Page Step 4 Click the CDP Neighbors link for the desired access point to see a list of CDP neighbors for a specific access point. The CDP > AP Neighbors page appears (see Figure 4-48). Figure 4-48 CDP > AP Neighbors Page This page shows the following information: The name of each access point The IP address of each access point The name of each CDP neighbor The IP address of each CDP neighbor The port used by each CDP neighbor The CDP version being advertised (v1 or v2) Step 5 Click the name of the desired access point to see detailed information about an access point s CDP neighbors. The CDP > AP Neighbors > Detail page appears (see Figure 4-49). Figure 4-49 CDP > AP Neighbors > Detail Page This page shows the following information: The name of the access point The MAC address of the access point s radio The IP address of the access point The interface on which the CDP packets were received The name of the CDP neighbor The IP address of the CDP neighbor The port used by the CDP neighbor The CDP version being advertised (v1 or v2) The time left (in seconds) before the CDP neighbor entry expires The functional capability of the CDP neighbor, defined as follows: R - Router, T - Trans Bridge, 2/27/215 1:5 PM

39 Cisco Wireless LAN Controller Configuration Guide, Release 7. - Chapt of 45 B - Source Route Bridge, S - Switch, H - Host, I - IGMP, r - Repeater, or M - Remotely Managed Device The hardware platform of the CDP neighbor device The software running on the CDP neighbor Step 6 Choose Traffic Metrics to see CDP traffic information. The CDP > Traffic Metrics page appears (see Figure 4-5). Figure 4-5 CDP > Traffic Metrics Page This page shows the following information: The number of CDP packets received by the controller The number of CDP packets sent from the controller The number of packets that experienced a checksum error The number of packets dropped due to insufficient memory The number of invalid packets Using the CLI to Configure the Cisco Discovery Protocol To configure CDP using the controller CLI, follow these steps: Step 1 Enable or disable CDP on the controller by entering this command: config cdp {enable disable} CDP is enabled by default. Step 2 Specify the interval at which CDP messages are to be generated by entering this command: config cdp timer seconds The range is 5 to 254 seconds, and the default value is 6 seconds. Step 3 Specify the amount of time to be advertised as the time-to-live value in generated CDP packets by entering this command: config cdp holdtime seconds The range is 1 to 255 seconds, and the default value is 18 seconds. Step 4 Specify the highest CDP version supported on the controller by entering this command: config cdp advertise {v1 v2} The default value is v1. Step 5 Enable or disable CDP on all access points that are joined to the controller by entering the config ap cdp {enable disable} all command. The config ap cdp disable all command disables CDP on all access points that are joined to the controller and all access points that join in the future. CDP remains disabled on both current and future access points even after the controller or access point reboots. To enable CDP, enter the config ap cdp enable all command. After you enable CDP on all access points joined to the controller, you may disable and then reenable CDP on individual access points using the command in Step 6. After you disable CDP on all access points joined to the controller, you may not enable and then disable CDP on individual access points. Step 6 Enable or disable CDP on a specific access point by entering this command: config ap cdp {enable disable} Cisco_AP Step 7 Save your changes by entering this command: save config Using the CLI to View Cisco Discovery Protocol Information To obtain information about CDP neighbors on the controller using the controller CLI, follow these steps: Step 1 See the status of CDP and to view CDP protocol information by entering this command: show cdp Step 2 See a list of all CDP neighbors on all interfaces by entering this command: show cdp neighbors [detail] The optional detail command provides detailed information for the controller s CDP neighbors. This command shows only the CDP neighbors of the controller. It does not show the CDP neighbors of the controller s associated access points. Additional commands are provided below to show the list of CDP neighbors per access point. Step 3 See all CDP entries in the database by entering this command: show cdp entry all Step 4 See CDP traffic information on a given port (for example, packets sent and received, CRC errors, and so on) by entering this command: show cdp traffic Step 5 See the CDP status for a specific access point by entering this command: show ap cdp ap-name Cisco_AP Step 6 See the CDP status for all access points that are connected to the controller by entering this command: show ap cdp all Step 7 See a list of all CDP neighbors for a specific access point by entering these commands: show ap cdp neighbors ap-name Cisco_AP show ap cdp neighbors detail Cisco_AP The access point sends CDP neighbor information to the controller only when the information changes. Step 8 See a list of all CDP neighbors for all access points connected to the controller by entering these commands: show ap cdp neighbors all show ap cdp neighbors detail all Information similar to the following appears when you enter the show ap cdp neighbors all command: AP Name AP IP Neighbor Name Neighbor IP Neighbor Port AP13.61c.a GigabitEthernet1/26 AP13.61c.b GigabitEthernet1/27 AP13.61c.c GigabitEthernet1/28 Information similar to the following appears when you enter the show ap cdp neighbors detail all command: AP Name: AP13.61c.a AP IP Address: Device ID: 65-1 Entry address(es): Platform: cisco WS-C656-E, Capabilities: Router Switch IGMP Interface: Port - 1, Port ID (outgoing port): GigabitEthernet1/26 Holdtime: 157 sec Version: Cisco Internetwork Operating System Software IOS (tm) s7233_rp Software (s7233_rp-psv-m), Version 12.2(18)SXD5, RELEASE SOFTWARE (fc3) Technical Support: Copyright (c) by cisco Systems, Inc. Compiled Fri 13-Ma The access point sends CDP neighbor information to the controller only when the information changes. 2/27/215 1:5 PM